• EpicFailGuy@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    3
    ·
    1 year ago

    More than to protect a real password, this is done (in my experience) to prevent a bunch of unoriginal drones make that THEIR password, because they think is funny, which only means the string gets added to a “passwords to attempt” text list on some hacking website …

    Decreasing security all together

    Case in point: Hunter2, correcthorsebatterystaple, solarwinds123 and Pa$$w0rd1

    • Furbag@lemmy.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      2
      ·
      1 year ago

      I mean, the philosophy behind correcthorsebatterystaple is good. I used that method for master passwords to password managers and it really does work well to help you remember a long complex password that can’t be guessed easily.

      But some people might have been missing the point of that xkcd using correcthorsebatterystaple itself.

      • jasory@programming.dev
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        It’s okay. The thing is when running an attack are you going to permutate through every combination of characters, or are you going to use words from a dictionary first? correcthorsebatterystaple (not a dictionary word) is better than antidisestablishmentarianism (a dictionary word) but in a realistic attack concatenating dictionary words is going to be the next step.

        • Terrasque@infosec.pub
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Because of the number of potential words in the dictionary, it’s still fairly secure. I would recommend 5 or 6 words though