I have a fairly simple password for my Netflix account, but I change it regularly. It’s a random string of a few words so hopefully it’s hard to crack. A few friends use my account so I share a note from Apple Notes with each of them, and they get a notification when I make a change to that, so they know they’ll need to log in again. It’s pretty simple to log in to services now though, so having a complex password is fine.
Correct horse battery staple. Loved that one. XD
That’s a really bad comic and has been disproven since its creation in 2003.
Having any number of dictionary words together is easy for a computer to guess.
Monzo use 4 random dictionary words together to password some PDFs that they send out.
Doesn’t make it any more secure because a bank does it.
You’re right, I was saying it as a matter of fact.
The NCSC advocate this type of password. In fact, they suggest just three random words.
That makes a bold assumption about the type of attacks that are most prevalent. The likelihood that you will ever be a victim of an attack that involves a computer guessing your password is slim at best. This argument is equivalent to saying my credit card PIN is compromised because there’s a website that lists all possible 4-digit numbers.
Any service that has the capacity to support the millions of attempts required to iterate through the password variations in a dictionary is a service that will rate limit attempts: I could tell you my Facebook password is one dictionary word and you’d never get access. The only real prospect of compromise in this scenario is if your password is included in a database leak and an attacker attempts to break your password, but in that scenario most human-generated passwords (“MyDog1234”) are weaker. Humans are much less capable of randomness than they think they are.
Personally I wouldn’t advocate for 3 random words as-is as a password, but I certainly advocate for easy to memorise passwords because a longer memorable password is superior to a short confusing password… although neither approach is much use if you re-use the passwords. People should think about passphrases not passwords. A line from your favourite book with some minor variance is fine, even
that’s a really bad comic! is a good password.
They might for ‘most people’ as it is stronger than qwerty! etc. and easier to remember; however, they are still not secure against dictionary attacks.
Ultimately people should be using password managers.
So what was the password you were using? Asking for a friend.
A man walks up to the barman: ‘What’s the WiFi password?’
Barman: ‘You need to buy a drink first.’
Man: ‘OK. I’ll have a Coke.’
Barman: ‘There you go.’
Man: ‘So what’s the password?’
Barman: ‘You need to buy a drink first, all lowercase, no spaces.’
Reminds me of this
The xkcd comic has not been disproved.
Agreed. The only people who have “debunked” it have been wrong! Mostly because they don’t fully understand it.
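Added example, not part of any post in this thread: a short Python sketch that puts numbers on the two scenarios argued over above, a rate-limited online login versus offline guessing after a database leak, for passphrases of randomly chosen dictionary words. The 7,776-word list size, both guess rates and the sample word list are assumptions made for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list, for demonstration only. A real generator needs a
# large list (the calculations below assume 7,776 words, the size of a
# five-dice Diceware-style list).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "lamp", "river", "cloud", "pencil"]

# Assumed guess rates, not measurements.
ONLINE_RATE = 100 / 3600   # rate-limited login form: 100 guesses per hour
OFFLINE_RATE = 1e10        # leaked fast hash on GPU hardware: 10^10 per second


def passphrase(wordlist, n_words, sep=" "):
    """Pick words with a CSPRNG; the maths only holds for random selection."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Entropy when the attacker knows the list and the number of words."""
    return n_words * math.log2(list_size)


def expected_years(list_size, n_words, guesses_per_second):
    """Average time to find the passphrase: half the keyspace is searched."""
    keyspace = list_size ** n_words
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR


def report(list_size=7776, max_words=5):
    """Rows of (words, bits, years online, years offline) under the assumed rates."""
    rows = []
    for n in range(1, max_words + 1):
        rows.append((n, entropy_bits(list_size, n),
                     expected_years(list_size, n, ONLINE_RATE),
                     expected_years(list_size, n, OFFLINE_RATE)))
    return rows


if __name__ == "__main__":
    print("sample:", passphrase(SAMPLE_WORDS, 4))
    for n, bits, online, offline in report():
        print(f"{n} words: {bits:5.1f} bits | online {online:.3g} years"
              f" | offline {offline:.3g} years")
```

The figures apply only when the words are picked by the generator; a phrase a person chooses has far less entropy than the word count suggests.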