Until someone makes a new dictionary with the first letter of each word in the first sentence of famous literary works.
On Wed, Nov 4, 2009 at 9:12 AM, Ken Schaefer <[email protected]> wrote:

> Iwtbot,i (It was the best of times, i). As long as the phrase is
> memorable, the user should be able to type the password in (and after a few
> days should be quick).
>
> Something such as the above is not going to be brute-forced in any
> meaningful way.
>
> Cheers
> Ken
>
> ------------------------------
> *From:* Ben Schorr [[email protected]]
> *Sent:* Wednesday, 4 November 2009 6:19 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Password change rules - never?
>
> But a 7-character passphrase isn’t very secure by itself. I’d much
> rather have something longer. Even something like:
>
> One 2 Three 4 Five
>
> That’s pretty decent. Mixed case, with spaces and numbers. Easy to
> remember and 19 characters long. Not likely to end up on a Post-It.
>
> Ben M. Schorr
> Chief Executive Officer
> ______________________________________________
> *Roland Schorr & Tower*
> www.rolandschorr.com
> [email protected]
>
> *From:* Jeff Brown [mailto:[email protected]]
> *Sent:* Monday, November 02, 2009 9:23 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Password change rules - never?
>
> first letter only of a 7 word phrase?
>
> On Mon, Nov 2, 2009 at 1:20 PM, Richard Stovall <[email protected]> wrote:
>
> Hilarious. Though Caesare may have pushed Shook out of the tree.
> It's been a while since he showed up.
>
> On a topical note, I completely agree. I encourage people to use
> long, grammatical passphrases whenever possible. In truth, however,
> they tend to only do it for things they don't have to type very often
> such as WPA keys, etc. For everyday use they always revert to
> something short unless there is a policy in place that forces them to
> do otherwise.
>
> On Mon, Nov 2, 2009 at 2:10 PM, Ben Scott <[email protected]> wrote:
>
> > On Mon, Nov 2, 2009 at 9:38 AM, David Lum <[email protected]> wrote:
> >> Thoughts, comments? Oh and do read the comments.
> >
> > I've sometimes wondered if we wouldn't be better off enforcing (1) a
> > very long minimum password length and (2) complexity checking that
> > only filters stupid sequences. Thus, encouraging users to use
> > non-trivial passphrases rather than passwords.
> >
> > Shook and Caesare sitting in a tree
> >
> > is going to be both hard to guess and easy to remember, while
> >
> > S5p$3xQ!
> >
> > is only hard to guess, and thus much more likely to be on a Post-It note.
> >
> > -- Ben
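
The policy proposed in the oldest quoted message (a long minimum length plus a check that filters only "stupid sequences"), sketched as an added example that is not part of the thread. The 16-character minimum, the run limit of 5 and the definition of a stupid sequence (whole-string repetition, alphabet, digit or keyboard-row runs) are assumptions made here.

```python
import re

MIN_LENGTH = 16   # assumed; the thread only says "very long"
MAX_RUN = 5       # assumed; longest tolerated alphabet/digit/keyboard run
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "1234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _step(a: str, b: str) -> int:
    """+1 or -1 if b is next to a in the first matching sequence, else 0."""
    for seq in SEQUENCES:
        i, j = seq.find(a), seq.find(b)
        if i >= 0 and j >= 0 and abs(j - i) == 1:
            return j - i
    return 0


def longest_sequence_run(s: str) -> int:
    """Length of the longest run that walks one direction along a sequence."""
    s = s.lower()
    best = run = 1 if s else 0
    prev = 0
    for a, b in zip(s, s[1:]):
        step = _step(a, b)
        run = run + 1 if step and step == prev else (2 if step else 1)
        prev = step
        best = max(best, run)
    return best


def is_repeated_unit(s: str) -> bool:
    """True if the whole string is one unit repeated ('passwordpassword')."""
    return re.fullmatch(r"(.+?)\1+", s, flags=re.DOTALL) is not None


def check_passphrase(candidate: str) -> list[str]:
    """Return policy violations; an empty list means the candidate is accepted.

    Deliberately no character-class rules: length does the work, and the
    filters only reject trivially guessable fillers.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if is_repeated_unit(candidate):
        problems.append("repeated pattern")
    if longest_sequence_run(candidate) > MAX_RUN:
        problems.append("sequential run")
    return problems
```

Under these assumptions the thread's passphrase is accepted, while both 8-character examples are rejected on length alone.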
