
Mathematics makes strong case that “snoopy2” can be just fine as a password - markmassie
http://arstechnica.com/security/2014/07/mathematics-makes-strong-case-that-snoopy2-can-be-just-fine-as-a-password/
======
dm2
This article isn't very clear to me but I think it's suggesting that people
use something like "googlemail-snoopy2" as a password rather than just
snoopy2.

Any hacker or security researcher would say that a alphanumeric password under
~10 characters is not wise.

You don't know what kind of hashing websites are using, and rainbow tables
exist for the common types.

IMO, the title of this article is irresponsible. A short common password is
not a good idea, if mathematicians suggest otherwise then they are wrong.

Combining the login process with 2-way auth might be a different story though.
I guess technically a password isn't even needed with 2-way auth, but it's
good to have.

~~~
adambrenecki
I don't think that's what it's saying at all. To me, it reads as though it's
basically saying "one person can't remember really secure passwords for every
site, so use good passwords for important sites, and bad passwords for
unimportant sites".

It actually talks about choosing how secure to make a password based on
importance _and_ "the probability a given account password will be
compromised", but I don't really see how users are going to evaluate the
latter.

