
Of course, it's not the worst schema. But it gets a lot more credit than it is worth.

Using dictionary words reduces the entropy of your password significantly. And for a cracker it can be trivial to attack passwords of that form. Given the sort of compute power you can obtain cheaply nowadays, attacking 4-word schemas (especially given people tend to use common words) is not hard.

It's to some degree security through obscurity: no, a cracker will not know your schema in advance but he will attempt to attack multiple schema types. If you're the sole target then that's probably not a concern - it would be a major effort, with limited rewards, to attack your unknown password schema. But if yours forms part of a larger set of passwords being attacked (where the use of multiple schemas and attacks will reap high rewards) then you're at more risk.

IMO, for all the password schemes that people come up with there is no good alternative to a long, randomly generated string with multiple character types.

Always use a password manager!




> especially given people tend to use common words

You don't pick the words yourself, you choose them at random. That's the whole point.

> Given the sort of compute power you can obtain cheaply nowadays, attacking 4-word schemas (especially given people tend to use common words) is not hard.

If the password is hashed with bcrypt with a work factor of 10 (the default in Rails), it would take ~5500 years to crack a single xkcd-style password on a single modern CPU core. Maybe 4 words aren't enough to protect you from the NSA, but they're enough to protect you from Joe Botnet and his db dump.


Except, how can you be sure your password was stored securely? You should never assume that.

> You don't pick the words yourself, you choose them at random. That's the whole point.

Suggest: you're supposed to choose them at random. In practice (source: 5 years as a security analyst) this does not happen. People are predictable!


> Except, how can you be sure your password was stored securely? You should never assume that.

You don't have to. You can use a password manager with an open protocol (like 1Password) where you can tell the db is encrypted using a key correctly and slowly derived from your master xkcd-style password.

If done correctly, it's a much better scheme than randomly generated characters because at the same level of entropy you wind up with a password you can actually remember and type quickly and use consistently in conjunction with a password manager.


> It's to some degree security through obscurity: no, a cracker will not know your schema in advance but he will attempt to attack multiple schema types.

If you put it like that, then passwords are security through obscurity too, since they are only secure because the attacker does not know the password? It's really all about having your own, personal schema. Even a slight variation of a popular one will put you safely out of the path of that multi-schema dragnet if the resulting password isn't part of any of the schema spaces. Just make sure it really is your very own variant and not something many others would also come up with. Add a part of that old line noise password you still remember from university at a fixed position of the word list or something like that. Even a recycled ATM PIN might help, your word list just got 9999 words longer. Add those digits to the individual words? 9999 new dictionary schemas to process. To play on the old Clarke: any sufficiently high number of possible password schema variations is indistinguishable from requiring a true brute force attack.

> Always use a password manager!

Yay, a single, juicy target, synchronized to any number of devices of various levels of tamper resistance, maybe even with some user-friendly automation that will happily hand out login pairs to anything that has temporarily taken control of your browser. With local exploits empowered by such a big sign saying "this is where the good stuff is kept", do you know a good writeup of practical password manager risk mitigation strategies? Like adding a brain-stored suffix to the more important ones and so on, so that an attack script would also need to do key logging or mild individual brute forcing. I'm sure there must be an established body of expert opinion on this somewhere.


Absolutely, use something different and more complex than 4 common words. That's pretty much what I am saying. My argument is that whilst you are switched on to the problem enough to do that, a lot of people simply are not. So stuff like the XKCD comic can be harmful.

To the second part of your post: sure it's a concern. But that wasn't really the subject of the post. You will never protect yourself completely, but I've always argued that if you're concerned about the sort of things you're concerned about it's already too late. We should train people to use the internet safely and be alert for compromise at the individual level.


How long does it take to crack a 4 word password, vs a 3?
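
An added example, not part of any comment in this thread: a small estimator for the 3-word vs 4-word question above, covering the earlier points about random selection and equal-entropy random strings as well. The 2048-word list, the 200-word "familiar" pool and both guess rates are assumptions chosen for illustration, not measurements.

```python
import math
import secrets

def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy in bits when each word is drawn uniformly and independently."""
    return n_words * math.log2(wordlist_size)

def expected_crack_years(bits: float, guesses_per_sec: float) -> float:
    """Average time to find the secret: half the keyspace at the given rate."""
    seconds = (2 ** bits) / 2 / guesses_per_sec
    return seconds / (365.25 * 24 * 3600)

def random_chars_for_bits(bits: float, alphabet_size: int = 94) -> int:
    """Length of a uniformly random string (printable ASCII) matching `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))

def generate(n_words: int, wordlist: list[str]) -> str:
    """Pick words with a CSPRNG; the entropy estimate only holds in this case."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

# Constructed stand-in for a real word list (assumption: 2048 words, 11 bits each).
WORDLIST = [f"word{i:04d}" for i in range(2048)]

# Assumed guess rates, not measurements: a slow salted hash on one core
# versus a fast unsalted hash on GPU hardware.
RATES = {"slow_hash": 100.0, "fast_hash": 1e10}

def compare(word_counts=(3, 4), effective_list=len(WORDLIST)):
    """Return {(n_words, rate_name): expected years} for each combination."""
    out = {}
    for n in word_counts:
        bits = passphrase_bits(n, effective_list)
        for name, rate in RATES.items():
            out[(n, name)] = expected_crack_years(bits, rate)
    return out

if __name__ == "__main__":
    for (n, name), years in compare().items():
        print(f"{n} random words, {name}: {years:.3g} years")
    # Assumed case: words picked by hand from ~200 familiar words, not drawn at random.
    for (n, name), years in compare(effective_list=200).items():
        print(f"{n} self-chosen words (200-word pool), {name}: {years:.3g} years")
    print("random printable chars for 44 bits:", random_chars_for_bits(44))
    print("sample passphrase:", generate(4, WORDLIST))
```

Each extra word multiplies the expected time by the list size, so the storage hash and whether the words were really drawn at random dominate the result far more than the scheme's name does.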



