

Passphrases Not As Secure As You Think - _ikke_
https://www.readwriteweb.com/enterprise/2012/03/passphrases-maybe-not-as-secur.php

======
kaolinite
Each time there is an article about password security, I say the same thing
;-)

"soccer123" is a secure password.

Or at least, it ought to be, in most cases. The reason that 99% of the time it
isn't is because bad security practices are implemented that don't lock users
out temporarily after around 4 or 5 attempts, don't use captchas after the
first 2 attempts, etc.

Nowadays it really ought to be impossible (unless you have access to the
database, of course, in which case you have other problems) to brute force
passwords. But then again, developers (including myself) are lazy :-)

