A sensible observation on Passwords

XKCD on passwords

This is why in PatentSafe we encourage the use of a phrase for signing documents. We can’t change organisations’ password policies (and most large companies use LDAP anyhow), but we can try to enforce sanity in signing pass phrases.

Maybe we needed short but hard-to-guess passwords years ago, when memory was tight and CPUs weren’t able to chew through all possible combinations as fast as they do today. Nowadays having a 255-character string for a password shouldn’t be a problem – and it needs to be long to slow down brute-force attacks.

(There are clearly features in PatentSafe to detect and/or defend against brute-force attacks, but the first line of security should be sensible passwords.)