The Guy Who Invented Passwords Says He's Sorry

Better method for work pw generation: first person you meet at work in the morning, what you had for dinner the night before, current year

This is significantly worse than Diceware though.

There's really no reason to ever use anything other than 3-4 (for your p/w manager, and some primary email accounts) Diceware passwords, with everything else being randomly generated in your p/w manager.
 
Except for idiotic security policies following the guide referred to in the OP, which forbid Diceware passwords. Bonus points for having a maximum password length.
 
Well, choosing random English words, if enough, can be hard to break by brute force even if the hacker (for some reason; we assume he is correct there) knows you chose x English words. There are likely a couple hundred thousand English words, so it makes little sense to use a database of them to try 200K times 200K times 200K times 200K for just 4 words. It won't take less time than 26 (iirc? 26 letters in English?) ^16 (assuming they add up to 16 letters, e.g. 4 4-letter English words). I mean one could just use the same word four times, and still be safe.
 
This is significantly worse than Diceware though.

There's really no reason to ever use anything other than 3-4 (for your p/w manager, and some primary email accounts) Diceware passwords, with everything else being randomly generated in your p/w manager.

I know that, but I mean, the dude is bragging about how his password is 111111, doesn't seem to me like he'd be interested in whipping out the dice and consulting a word list.
 
My point is those passwords literally do not matter. They're my Windows logon and my phone unlock. If you have physical possession of my laptop to where you need those passwords to see my hard drive/phone contents then I have failed 'cause I didn't secure it. Malware doesn't need your Windows password 'cause it infects you when you're already logged on.
 
Not very helpful if you run a company with a thousand employees. You're guaranteed to have laptops lost on a regular basis. You don't want the consequence of an employee losing a laptop to be the release of sensitive information. The employee only gets blamed for failing if they're deliberately skirting IT policies. For instance, by deliberately choosing poor passwords.
 
I'd honestly be more annoyed by a system demanding that my password be at least 16 characters long than one demanding I throw in a couple of special characters.

Me too. I always keep my password simple, so it's easy to remember, but sometimes the system password requires special symbols and long characters, it makes me forget my passwords a lot.
So I often use the Recoverywindowspassword tool to restore password.
 
Many devices involve data security. If you use your password a lot, you won't forget; you can write it down.
 