

Password Strength - chanks
http://xkcd.com/936/

======
patio11
This is one of the few times that xkcd.com is better suited to HN than to
Reddit. If you want to hear more about the superiority of passphrases, a
Microsoft blogger wrote a series of articles on them waaaay back in 2004. I've
been using them since then -- they're elegant, they work well, and simple
inspection shows them to be better than my dictionary_word+modifier standard
passwords. (Which, to be fair, I should migrate from some time when I get a
week free to go to every place I've ever used a password...)

[http://blogs.technet.com/b/robert_hensing/archive/2004/07/28...](http://blogs.technet.com/b/robert_hensing/archive/2004/07/28/199610.aspx)

------
callmevlad
And then you eventually run into the plethora of web apps which will not allow
spaces, require some combination of capitals or numbers, or tell you that your
password can't possibly be that long... and then we're back to square one.

------
rmc
Randall Munroe (the creator behind XKCD) is a genius, and frequently comes out
with great comics like that, which show a great ability to communicate and a
deep knowledge of computing and science.

------
timf
I hope people don't follow this advice and use a small subset of memorable
passphrases across many, many sites. There are countless examples of
incompetent application developers recording passwords insecurely (once
hacked, your login/pw is now easily testable against other sites).

You should use a long passphrase (like Randall is talking about) with a
password manager that can manage ~500 equally difficult passwords.

