Choosing Secure Passwords

Bruce Schneier:

This is why the oft-cited XKCD scheme for generating passwords -- string together individual words like ‘correcthorsebatterystaple’ -- is no longer good advice. The password crackers are on to this trick.

Last year, Ars Technica gave three experts a 16,000-entry encrypted password file, and asked them to break as many as possible. The winner got 90% of them, the loser 62% -- in a few hours. It’s the same sort of thing we saw in 2012, 2007, and earlier. If there’s any new news, it’s that this kind of thing is getting easier faster than people think.
