More on entropy in passphrases

It’s been a while since I wrote about using passphrases, and the illusion that it necessarily increases security, since users are likely to choose short, grammatically sensible sentences.

It seems that someone has actually gone to the trouble of doing the analysis, reconfirming that passphrases are not as secure as one might think:

A bit of an academic read, but basically it just confirms my assertion that going from complex passwords to long-but-likely-all-lowercase-letters passwords is not of much security benefit.


Comments are closed.