

Statistics Will Crack Your Password - myover
http://www.praetorian.com/blog/statistics-will-crack-your-password-mask-structure

======
SAI_Peregrinus
Stuff like this is why I use Diceware for passwords I must memorize, and
Keepass for the rest. At 12.9 bits of entropy per word, my 10-word master
passphrase gives > 128-bit security, which is enough for all practical
purposes. I've got a few of those (Keepass master, e-mail, banking, disk
encryption, PC login) but it's still less than 100 words memorized. Of course
any password safe like Keepass potentially turns "something you know" into
"something you have" if you get a keylogger or such, but that problem exists
for all passwords anyway.

But I'm a geek. I've taken the time to understand information entropy, and how
it relates to passwords. I know how terrible humans (including me) are at
generating randomness. Most people aren't educated in this field, and indeed
shouldn't have to be. The only solutions I've seen that I feel have any chance
of working are password managers and generating unchangeable, memorable
passwords for users.
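
As an added example (not part of any comment in this thread or of the linked article), the entropy arithmetic in the Diceware comment above, carried through in Python: a CSPRNG-driven dice roll for word selection, the bits-per-word and per-passphrase figures, and, for contrast with the mask-structure attacks the linked post is about, the character-class mask of a typical human-chosen password and the size of the keyspace that mask covers. The word list is a constructed placeholder keyed the way the real Diceware list is (five dice, 7776 entries); the 1e12 guesses/second rate and the hashcat charset sizes (?l=26, ?u=26, ?d=10, ?s=33) are assumptions of this example.

```python
"""Diceware entropy accounting vs. mask-structure keyspace (added example)."""
import itertools
import math
import secrets
import string

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 keys, '11111' .. '66666'

# Assumed hashcat built-in charset sizes; '?a' is all 95 printable ASCII chars.
MASK_SET_SIZES = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?a": 95}


def roll_key(randbelow=secrets.randbelow):
    """Roll five dice with a CSPRNG and return the lookup key, e.g. '36251'.

    secrets.randbelow, never random.randint: the whole point of Diceware is
    that neither a human nor a non-cryptographic PRNG picks the words.
    """
    return "".join(str(randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def build_placeholder_wordlist():
    """Constructed stand-in for the real Diceware list: every key maps to a
    synthetic token 'w<key>'. Swap in the real 7776-entry list for actual use."""
    return {"".join(k): "w" + "".join(k)
            for k in itertools.product("123456", repeat=DICE_PER_WORD)}


def generate_passphrase(n_words, wordlist, randbelow=secrets.randbelow):
    """Draw n_words uniformly and independently; refuse a list of the wrong size,
    since a short list silently lowers the entropy per word."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError(f"Diceware list must have exactly {LIST_SIZE} entries")
    return [wordlist[roll_key(randbelow)] for _ in range(n_words)]


def passphrase_entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of n words chosen uniformly with replacement: n * log2(list size).
    log2(7776) is about 12.92 bits, so 10 words give about 129 bits."""
    return n_words * math.log2(list_size)


def expected_crack_years(bits, guesses_per_second):
    """Expected brute-force time: on average the attacker searches half the space."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def mask_of(password):
    """Derive the hashcat-style mask (character-class structure) of a password.
    Anything outside ASCII letters and digits is counted as '?s' here (assumption)."""
    out = []
    for ch in password:
        if ch in string.ascii_lowercase:
            out.append("?l")
        elif ch in string.ascii_uppercase:
            out.append("?u")
        elif ch in string.digits:
            out.append("?d")
        else:
            out.append("?s")
    return "".join(out)


def mask_keyspace_bits(mask):
    """log2 of the number of candidates a mask attack tries for one structure."""
    tokens = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    return sum(math.log2(MASK_SET_SIZES[t]) for t in tokens)


if __name__ == "__main__":
    wordlist = build_placeholder_wordlist()
    words = generate_passphrase(10, wordlist)
    bits = passphrase_entropy_bits(10)
    print(" ".join(words))
    print(f"{bits:.1f} bits; ~{expected_crack_years(bits, 1e12):.2e} years "
          f"at an assumed 1e12 guesses/s")
    human = "Summer2016!"  # constructed sample of a human-style password
    mask = mask_of(human)
    print(f"{human!r} has mask {mask}: {mask_keyspace_bits(mask):.1f} bits")
```

The contrast is the point: a human password that fits a common mask lives in a keyspace of roughly 2^46 candidates for that one structure, while ten uniformly drawn Diceware words sit in about 2^129 regardless of which words came up, because the attacker's mask statistics say nothing about a passphrase that was never shaped by a human.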

~~~
hob0man
Well said

------
hob0man
If anyone has any questions or thoughts on this, I am open to talking about
additional methods and work I am doing in this area, including creating a tool
to facilitate some of this as a streamed process.

~~~
myover
Nice!

------
hob0man
^ I wrote this article and would like anyone who has feedback on the matter to
speak freely.

