I type my 3-5 different passwords (collectively, not individually) as many as 200 times a day.
I'm a fast typist (relatively speaking, at ~45wpm, or ~225cpm). Long passwords that are easy to remember and easy to type (not too many oddball characters, but definitely a few) work much better for me. Long and simple works for me. If short and complex works for you - awesome. On Wed, Aug 10, 2011 at 19:41, Crawford, Scott <[email protected]>wrote: > I’d encourage you to pick one of those random password generating web > sites, get an 8 char password and practice typing it 15-20 times. It’s > really not that difficult to memorize. Now, memorizing a dozen of them for > various websites will be quite a bit more difficult, but that’s where things > like lastpass come in.**** > > ** ** > > Typing faster would prolly benefit me quite a bit, as has been pointed out > support, for pass phrases is limited. My point is simply that vast > improvements can be made to a typical P@$$w0Rd by true randomization > without needing to resort to long pass phrases.**** > > ** ** > > *From:* Kurt Buff [mailto:[email protected]] > *Sent:* Wednesday, August 10, 2011 7:22 PM > > *To:* NT System Admin Issues > *Subject:* Re: Almost, but not quite OT: Passwords**** > > ** ** > > I'm not going to argue the point too strongly, but building a short, > complex password probably requires using a mental template of some sort. > Perhaps the initial letters of a set of song titles, or addresses, or > something like that. > > I think that the mental effort of remembering the template and then making > the translation to the keyboard is more difficult than choosing a meaningful > sentence. > > And, for touch typists (like me), it's even easier, since the naturalness > of typing a sentence is more comfortable than trying to type rather random > sequences. > > But, whatever works, I suppose. > > Kurt**** > > On Wed, Aug 10, 2011 at 15:52, Crawford, Scott <[email protected]> > wrote:**** > > Thx. Now, I realize that the little gray boxes are the bits…I feel dumb. > J**** > > **** > > Not, that I disagree with the sentiment, but this assumes that the only way > passwords are being generated is through modifying some word. To me, this is > a reason not to assume that a password is complex simply because it ** > looks** complex or because it has a wide sample of characters. Building a > complex looking password is not the same as a real complex password. As an > example, an 8 character password built from a truly random mix of > upper/lower/numeric characters is 62^8 or ~47 bits of entropy. And, that’s > before adding symbols.**** > > **** > > The problem with passphrases is that they take a relatively long time to > type. Definitely easier to remember, but muscle memory makes remembering 8 > character random alphanumeric passwords pretty easy too.**** > > **** > > *From:* Steve Kradel [mailto:[email protected]] **** > > *Sent:* Wednesday, August 10, 2011 5:06 PM > > *To:* NT System Admin Issues**** > > *Subject:* Re: Almost, but not quite OT: Passwords**** > > **** > > It looks like Randall @ xkcd supposes each word in "correct horse battery > staple" has 11 bits of entropy, which is to say, the person choosing the > password has a comfortable vocabulary of 2^11 (2,048) words from which he > will pick four at random. (2048^4 is the same as 2^44.) I think 2,048 > words is a pretty low estimate, at least in English, but that's not really > the point...**** > > **** > > On the other hand, he suggests forcing people to choose "strong" passwords > presses humans into a doofy pattern that is actually much *less* random than > four dictionary words. 16 bits of uncertainty for the "uncommon base word" > means the user has possibly picked a "difficult" dictionary word (from a > vocabulary of 2^16 = 65,536 words -- generously more than a normal person > knows), and then mangles it up a little bit in semi-predictable ways to > satisfy the password strength checker.**** > > **** > > It definitely raises an interesting question... why do so many > organizations elect for minimum 8-character complex passwords, instead of > "non-complex" passphrases of at least 16 or 20 characters, when the latter > would be easier to remember and probably stronger?**** > > **** > > --Steve**** > > On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott <[email protected]> > wrote:**** > > Interesting. I’d like to understand how the bits of entropy are calculated > though.**** > > **** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Wednesday, August 10, 2011 4:06 PM > > *To:* NT System Admin Issues > *Subject:* Almost, but not quite OT: Passwords**** > > **** > > http://xkcd.com/936/# <http://xkcd.com/936/> > **** > > **** > > Yet, very pertinent.**** > > **** > > **** > > **** > > **** > > *ASB***** > > *http://about.me/Andrew.S.Baker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
