Skip to main content

Hitachi ID Systems Blogs

Posts Tagged ‘passphrase security’

More on entropy in passphrases

Tuesday, January 22nd, 2013

It’s been a while since I wrote about using passphrases, and the illusion that it necessarily increases security, since users are likely to choose short, grammatically sensible sentences.

It seems that someone has actually gone to the trouble of doing the analysis, reconfirming that passphrases are not as secure as one might think:

www.cs.cmu.edu/~agrao/paper/Effect_of_Grammar_on_Security_of_Long_Passwords.pdf

A bit of an academic read, but basically it just confirms my assertion that going from complex passwords to long-but-likely-all-lowercase-letters passwords is not of much security benefit.

page top page top