Friday, 12 August 2016

The joy of passphrase

I have come across several articles in the last day or two saying that we don't need to worry about remembering impossible passwords like K@tn1p anymore, because it has been discovered that passphrases - simply longish text phrases without gaps - are just as difficult for hackers to work out as those ridiculous passwords.

This may be true - but there are still some issues with passphrases. One is remembering just which of your favourite phrases or lines from poetry or whatever you used. Was it 'ivegotthisterrificpaininallthediodesdownmyleftside' or 'theearthismostlyharmless'? What if you misquote your phrase when you set it? And while a random guessing program may struggle to identify my phrase as 'allscienceiseitherphysicsorstampcollecting', might this be an easy guess to someone familiar with my writing?

Most of all, though, how many times are you going to type in 'tobeornottobethatisthequestion' only to be told YOUR PASSWORD MUST CONTAIN AT LEAST ONE CAPITAL, ONE NUMBER AND ONE WEIRD CHARACTER, SO DO IT AGAIN, IDIOT

Yes, it probably is a good idea, but maybe not the universal panacea those articles seem to suggest.

No comments:

Post a Comment