Iwtbot,i  (It was the best of times, i). As long as the phrase is memorable, 
the user should be able to type the password in (and after a few days should be 
quick).

Something such as the above is not going to be brute-forced in any meaningful 
way.

Cheers
Ken

________________________________
From: Ben Schorr [[email protected]]
Sent: Wednesday, 4 November 2009 6:19 AM
To: NT System Admin Issues
Subject: RE: Password change rules - never?

But a 7-character passphrase isn’t very secure by itself.  I’d much rather have 
something longer.  Even something like:

One 2 Three 4 Five

That’s pretty decent.  Mixed case, with spaces and numbers.  Easy to remember 
and 19 characters long. Not likely to end up on a Post-It.

Ben M. Schorr
Chief Executive Officer
______________________________________________
Roland Schorr & Tower
www.rolandschorr.com
[email protected]

From: Jeff Brown [mailto:[email protected]]
Sent: Monday, November 02, 2009 9:23 AM
To: NT System Admin Issues
Subject: Re: Password change rules - never?

first letter only of a 7 word phrase?

On Mon, Nov 2, 2009 at 1:20 PM, Richard Stovall <[email protected]> wrote:
Hilarious.  Though Caesare may have pushed Shook out of the tree.
It's been a while since he showed up.

On a topical note, I completely agree.  I encourage people to use
long, grammatical passphrases whenever possible.  In truth, however,
they tend to only do it for things they don't have to type very often
such as WPA keys, etc.  For everyday use they always revert to
something short unless there is a policy in place that forces them to
do otherwise.

On Mon, Nov 2, 2009 at 2:10 PM, Ben Scott <[email protected]> wrote:
> On Mon, Nov 2, 2009 at 9:38 AM, David Lum <[email protected]> wrote:
>> Thoughts, comments? Oh and do read the comments.
>
>  I've sometimes wondered if we wouldn't be better off enforcing (1) a
> very long minimum password length and (2) complexity checking that
> only filters stupid sequences.  Thus, encouraging users to use
> non-trivial passphrases rather than passwords.
>
>        Shook and Caesare sitting in a tree
>
> is going to be both hard to guess and easy to remember, while
>
>        S5p$3xQ!
>
> is only hard to guess, and thus much more likely to be on a Post-It note.
>
> -- Ben
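
The policy proposed in the oldest message above (a long minimum length plus a filter that rejects only trivial sequences), sketched as an added example that is not from any poster in the thread. The 16-character minimum, the sequence list and the 0.5 threshold are assumptions, since the thread does not define them.

```python
import re

MIN_LENGTH = 16      # assumed; the thread only says "very long"
MAX_TRIVIAL = 0.5    # assumed share of trivially adjacent character pairs
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumed "stupid sequences"


def _adjacent(a, b):
    """True if b repeats a or neighbours it in one of SEQUENCES."""
    if a == b:
        return True
    for seq in SEQUENCES:
        i, j = seq.find(a), seq.find(b)
        if i >= 0 and j >= 0 and abs(i - j) == 1:
            return True
    return False


def trivial_fraction(text):
    """Share of adjacent character pairs that are repeats or sequence steps."""
    text = text.lower()
    pairs = list(zip(text, text[1:]))
    if not pairs:
        return 1.0
    return sum(_adjacent(a, b) for a, b in pairs) / len(pairs)


def check_passphrase(candidate):
    """Return (accepted, reason) under the length-plus-trivial-filter policy."""
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    # One short unit (up to 8 characters) repeated to fill the length.
    if re.fullmatch(r"(.{1,8}?)\1+", candidate.lower(), flags=re.DOTALL):
        return False, "repeated unit"
    if trivial_fraction(candidate) > MAX_TRIVIAL:
        return False, "keyboard or alphabet run"
    return True, "ok"


if __name__ == "__main__":
    # First two strings are from the thread; the rest are constructed samples.
    for sample in ("Shook and Caesare sitting in a tree", "S5p$3xQ!",
                   "passwordpasswordpassword", "qwertyuiopasdfghjkl"):
        print(f"{sample!r}: {check_passphrase(sample)}")
```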





