Password Safety & Security: Passwords vs. Passphrases

May 5th 2022 is World Password Day and F5 Labs want to celebrate it!

By now I think everyone in IT has seen the excellent XKCD comic on passphrases. Passphrases are easier to remember, longer, and, therefore, more secure than passwords. Right?

XKCD comic on passphrasesSource: https://xkcd.com/936/

The logic seems sound, but does the math hold up? Are passphrases really more than passwords? Excited to find out if correct horse battery staple is really that secure?

Read the article on F5 Labs to find out, then come back here to share the best and worst advice you've heard for creating strong passwords:

https://www.f5.com/labs/articles/cisotociso/password-safety-security-best-practices-passwords-vs-passphrases

 

 

 

Published May 03, 2022
Version 1.0
security

Was this article helpful?

3 Comments

Sort By
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    May 05, 2022

    the best password is no password at all...am I doing this right? 🙂

  • shsingh's avatar
    shsingh
    Icon for Employee rankEmployee
    May 05, 2022

    Perhaps it's a moot point... no matter how unbreakable your password, you are likely to change it is a site is breached and credentials stolen - regardless of whether the attacker was able to crack your password over the list.

    So to make that something tangible, are we protecting a password against a targeted credential attack (i.e. someone specifically wants MY details), or from large scale breaches (in which case you are more likely to change regardless of password/passphrase strength).

    If it is the latter, then we get into areas of "did I know a site I frequent was breached"... etc which password managers typically do a good job of keeping track of.