• vamputer
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    2
    ·
    edit-2
    1 year ago

    I like doing entire phrases with some rhymes thrown in. Makes it easier to remember them.

    “BonyTonyMoansHe’sOnlyGrownLonely” has a shitload of characters, and a full sentence (even a nonsensical one like that) is more memorable to me than a random handful of disparate words.

    The more ridiculous, the better. (And, naturally, don’t forget your numbers and symbols)

    EDIT: Actually, no idea why I made it all one group of words. So long as spaces are in the password’s character space (and they very well should be if friggin’ emojis are), there’s nothing stopping you from doing an entire, punctuated sentence- other than that we’ve been conditioned not to think of a password that way.

    “Skinny Kenny’s friend, Mini Ben, has 20 chins.” That should be a fully-acceptable password with 46 characters (48 if you add the quotes), capital letters, numbers, and special characters.

    • scinde@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      You can’t compare a 46 random character password to a password composed out of words, the entropy of each is very different. Your kind of password is vulnerable to dictionary attacks which are way more common and easy than brute forcing every possibility. A 50+ characters unique random password for each service that is stored in a password manager which is encrypted with a 20+ characters random password is the most secure and future proof (for now).

      • Aatube@kbin.social
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        If the attacker doesn’t know that you’re using a dictionary password, then dictionary attacks probably won’t be their first choice. I want to remember these passwords across devices and on guests.

        • scinde@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Like someone else said on this thread; that’s just security by obscurity, which is bad. Dictionary attacks will be one of the first (brute force related) attacks attackers will use because word passwords are incredibly popular (though admittedly of fewer words: VeryBigDog34 etc…), and relatively easy to do. I agree that having the password across different devices is somewhat of a challenge with a password manager, but not impossible. My very long and complex password is all down to muscle memory by this point, I couldn’t tell you what it is from memory.

          Also you shouldn’t use the same password on multiple things and if you don’t use a password manager you will need to memorize a lot of different passwords.