“up to 77.5% of passwords,” created this way can be “cracked using a 30% common-word dictionary subset.”
I guess passwords that use pseudo-words from the Xkpasswd generator like Sciant-Opsic-Hobshant741&;| wouldn’t be in that subset. However, it doesn’t seem terribly secure either, but it is easier to remember than a pseudo-random password of the same length.
However the idea of using passkeys irks me a bit since they seem to be dominated by corporate interests. But I admit I haven’t looked for FOSS passkey solutions.
I normally do a 40 char pseudo-random password with all the special characters, but sometimes the length must be a lot shorter or the special characters are limited. Also, if I’m typing it out, it’s a lot harder than pseudo-words.
They seem to be using a dictionary consisting of the 30% of words in the Brown corpus which are the most common. So a ~20k word dictionary, very small.
The study does not really tell us anything about what “law enforcement can break.” Nor does it tell us anything about “three random word” passphrases. It tells us that people who do pick a three-word passphrase often do not choose those words well and do much worse than if they had chosen them at random from a dictionary of reasonable size.
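An added illustration of the point in the post above (not code from the study or from any poster): it compares how often a three-word passphrase falls entirely inside a top-30% wordlist when the words are drawn uniformly versus when they follow a Zipf-skewed preference for common words. The Zipf model and its exponent are assumptions standing in for human choice, and the vocabulary size is derived from the post's "~20k" and "30%" figures.

```python
import math
import secrets

SUBSET_WORDS = 20_000      # "~20k word dictionary" (figure from the post)
SUBSET_FRACTION = 0.30     # "30% ... most common" (figure from the post)
VOCAB_WORDS = round(SUBSET_WORDS / SUBSET_FRACTION)  # derived, about 66,667
WORDS_PER_PHRASE = 3
ZIPF_EXPONENT = 1.0        # assumption: models a human bias toward common words


def uniform_hit_rate(subset=SUBSET_WORDS, vocab=VOCAB_WORDS, k=WORDS_PER_PHRASE):
    """Chance that k uniformly random words all land in the attacker's subset."""
    return (subset / vocab) ** k


def zipf_hit_rate(subset=SUBSET_WORDS, vocab=VOCAB_WORDS,
                  k=WORDS_PER_PHRASE, s=ZIPF_EXPONENT):
    """Same chance when the word of frequency rank r is picked with weight 1/r**s."""
    total = sum(1.0 / r ** s for r in range(1, vocab + 1))
    top = sum(1.0 / r ** s for r in range(1, subset + 1))
    return (top / total) ** k


def entropy_bits(wordlist_size, k=WORDS_PER_PHRASE):
    """Guessing entropy of k words drawn uniformly from a list of that size."""
    return k * math.log2(wordlist_size)


def random_passphrase(wordlist, k=WORDS_PER_PHRASE, sep="-"):
    """Draw k words with a CSPRNG so that every word is equally likely."""
    return sep.join(secrets.choice(wordlist) for _ in range(k))


if __name__ == "__main__":
    print(f"uniform picks inside subset: {uniform_hit_rate():.1%}")
    print(f"Zipf-skewed picks inside subset: {zipf_hit_rate():.1%}")
    print(f"3 uniform words from the 20k subset: {entropy_bits(SUBSET_WORDS):.1f} bits")
    print(f"3 uniform words from full vocabulary: {entropy_bits(VOCAB_WORDS):.1f} bits")
    # Constructed sample list; a real generator would load a large wordlist.
    print(random_passphrase(["orbit", "velvet", "cactus", "thimble", "quartz"]))
```

The skewed figure is a property of the assumed model, not a reproduction of the study's measurement.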
What exactly is a passphrase?