But a 7-character passphrase isn't very secure by itself. I'd much rather have something longer. Even something like:
One 2 Three 4 Five That's pretty decent. Mixed case, with spaces and numbers. Easy to remember and 19 characters long. Not likely to end up on a Post-It. Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com <http://www.rolandschorr.com/> b...@rolandschorr.com From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Monday, November 02, 2009 9:23 AM To: NT System Admin Issues Subject: Re: Password change rules - never? first letter only of a 7 word phrase? On Mon, Nov 2, 2009 at 1:20 PM, Richard Stovall <rich...@gmail.com> wrote: Hilarious. Though Caesare may have pushed Shook out of the tree. It's been a while since he showed up. On a topical note, I completely agree. I encourage people to use long, grammatical passphrases whenever possible. In truth, however, they tend to only do it for things they don't have to type very often such as WPA keys, etc. For everyday use they always revert to something short unless there is a policy in place that forces them to do otherwise. On Mon, Nov 2, 2009 at 2:10 PM, Ben Scott <mailvor...@gmail.com> wrote: > On Mon, Nov 2, 2009 at 9:38 AM, David Lum <david....@nwea.org> wrote: >> Thoughts, comments? Oh and do read the comments. > > I've sometimes wondered if we wouldn't be better off enforcing (1) a > very long minimum password length and (2) complexity checking that > only filters stupid sequences. Thus, encouraging users to use > non-trivial passphrases rather than passwords. > > Shook and Caesare sitting in a tree > > is going to be both hard to guess and easy to remember, while > > S5p$3xQ! > > is only hard to guess, and thus much more likely to be on a Post-It note. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~