What is #Fedi's opinion on #passphrases vs #passwords? Are passphrases just better?
For example,
Passphrase: pillowybarbsspike
Password: Tfu90PQ8vs352
#Passphrases are a great idea. I set mine to "password one two three exclamation point".
#infosec
@douginamug Well, for security, a rather low-hanging fruit is still to ensure that you install software updates promptly. I know, it's not sexy, but it helps a lot!
Next step up I do think is good #password hygiene, including use of a #PasswordManager and #passphrases, plus #MFA #2FA where possible. Should cover #Diceware.
If we can get the typical person on board with those two, that will do a LOT to improve #infosec #security #cybersecurity for both themselves as well as others around them.
#password #passwordmanager #passphrases #mfa #2fa #diceware #infosec #security #cybersecurity
@kkarhan Quite frankly, over 64 characters is overkill for #passwords. For a simple randomly generated alphanumeric #password (lowercase letters and digits only) to provide a 128 bit work factor you need 25 characters; for 256 bits, 50 characters. Using uppercase, lowercase and digits, 22 and 43 characters respectively. (Shows how little security you gain by mixing character case.) With #Diceware #passphrases and no additional #passphrase complexity, approximately 10 and 20 words respectively.
#passwords #password #diceware #passphrases #passphrase
@valen I've been using a #PasswordManager for many years now, to help me manage the many, MANY unique #passwords for different services.
And I have encouraged others to use a password manager as well.
That, and #Diceware #passphrases for those few credentials that are difficult to put into a password manager.
#passwordmanager #passwords #diceware #passphrases
@YesIKnowIT Or if you have a #Diceware (or similar) word list handy...
$ <wordlist.txt awk -F$'\t' '{print $2}' | shuf | head -n 6 | xargs echo
(That's not perfectly random because it won't repeat a word, which could happen with a perfectly random generator. However, for any reasonable-length passwords, you're unlikely to see repetition anyway.)
Example output with the EFF long word list:
smother stainable steadfast tackiness scrawny denatured
#diceware #password #passwords #passphrase #passphrases
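An added example (not part of any post above): it checks the character and word counts quoted for 128- and 256-bit work factors, and measures how little entropy the no-repeat `shuf` pipeline gives up compared with independent draws. The function names and the four-line sample list are assumptions made for illustration; 7776 is the size of the EFF long word list.

```python
import math
import secrets

def units_needed(target_bits, alphabet_size):
    """Smallest number of uniform, independent symbols giving >= target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def entropy_bits(list_size, words, repeats_allowed=True):
    """Entropy of a passphrase of `words` words drawn from `list_size` words."""
    if repeats_allowed:
        return words * math.log2(list_size)
    # Shuffle-then-take-first-k: ordered selections without repetition.
    return sum(math.log2(list_size - i) for i in range(words))

def parse_wordlist(text):
    """Parse the tab-separated 'dice<TAB>word' layout the awk command reads."""
    return [line.split("\t")[1] for line in text.splitlines() if "\t" in line]

def passphrase(wordlist, words=6):
    """Draw each word independently (repeats possible) from the OS CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# Constructed sample in the same layout; a real Diceware list has 7776 lines.
SAMPLE = "11111\tabacus\n11112\tabdomen\n11113\tabdominal\n11114\tabide\n"

if __name__ == "__main__":
    for bits in (128, 256):
        print(bits, "bits:",
              units_needed(bits, 36), "chars (a-z0-9),",
              units_needed(bits, 62), "chars (A-Za-z0-9),",
              units_needed(bits, 7776), "Diceware words")
    full = entropy_bits(7776, 6)
    loss = full - entropy_bits(7776, 6, repeats_allowed=False)
    print(f"6 words: {full:.2f} bits; no-repeat sampling loses {loss:.4f} bits")
    print("sample draw:", passphrase(parse_wordlist(SAMPLE), 3))
```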
A #password is a serious matter. Yet we often use passwords that are hard to remember but easy to crack.
Better a password that is easy to remember and hard to break.
A good article on choosing and managing passwords and #passphrases can be found here: https://palant.info/2023/01/30/password-strength-explained/
It is clear, useful and complete (almost required reading).
#cybersecurity #bitwarden #lastpass #security #passwordmanager
#password #passphrases #cybersecurity #bitwarden #lastpass #security #passwordmanager
Hello Fellow Denizens of Infosec.Exchange!
In the 1830s, Americans thought tomatoes were poisonous, and many people refused to have anything to do with them. But within the space of just 10 years — without TV, radio or the Internet — consumer perception and behavior completely changed. This bodes really well for infosec pros concerned about how to improve consumer security behaviors.
#ICYMI — I joined Carey Parker, host of the consumer security and privacy podcast Firewalls Don't Stop Dragons for a light-hearted discussion on a serious topic: password security. Listen in to find out what the history of tomatoes in the U.S. can teach infosec professionals about educating consumers on good password hygiene.
More than 9,700 people have read this blogpost so far!
Grab a few tomatoes 🍅🍅🍅, have a listen (or read the transcript), and let me know what you think!
https://loistavainfosecurity.com/blog/f/tomatoes-one-time-pads-and-the-california-gold-rush
@FirewallDragons
#OneTimePads
#CaliforniaGoldRush
#Passwords
#Passphrases
#icymi #onetimepads #californiagoldrush #passwords #passphrases
@lauren yeah this nonsense does my head in and I'm a #software developer. Just encourage the use of #passphrases.
super fast magic #computers powered by undead #cats à la schrödinger are coming to steal your #data
a coherent #quantum #computing #strategy seems to be really important not only for #international and #national #security but also for #industry and individual security
but how do you get people to take seriously something they don't understand and can't even conceive of the importance of when they won't even use decent #passphrases?
i think there needs to be international discussion about this
#data #quantum #computing #strategy #international #national #security #industry #computers #cats #passphrases
Let's talk about #passphrases. Yes, I'm talking to you.
This article [link] was written in 2011 and is even more viable today. If your #password manager doesn't have an option for generating nonsensical pass phrases, then ditch it. Don't have a password manager? We can't be friends.
Check out the chart to see what I mean. What do I use? #Bitwarden
https://lifehacker.com/why-multi-word-phrases-make-for-more-secure-passwords-t-5796816
#passphrases #password #bitwarden
Much chatter about passwords and password managers on the timelines. This advice seems like fun, or maybe not if you are a gambling addict.
#passwords #passphrases #passwordmanager #passphrasegenerator #eff
Normal passwords are now basically useless for protecting your accounts. That's why I invented a "strong phrase" generator that produces passwords that are much more secure and easier to remember. Take a look.
#passphrases
@JesseSkinner #Bitwarden #PasswordManager across multiple Windows machines and my #Android phone.
And I'm with you: why, for the love of all things encrypted, do companies still have data breach issues!? It's 2022. They are not hiring the right people to manage the back-end. Not dumping money into their security.
Lock. your. sh|t. down!
(Also: #PASSPHRASES, people!)
#bitwarden #passwordmanager #android #passphrases
Hello Fellow Mastodonians!
Someone here on "the exchange" suggested we create a post with hashtags for things that interest us . . .
#Automation
#Bees 🐝
#BletchleyPark
#Chiweenies 🐶
#ChromeOS
#CodeBreaking
#COSS
#Crowdfunding
#Cybersecurity
#Dice 🎲
#DiceWare 🎲
#DogsOfMastodon 🐶
#Finland 🇫🇮
#Finnish 🇫🇮
#FOSS
#Ghent 🇧🇪
#Helsinki 🇫🇮
#ISSA
#ISACA
#Infosec
#Infosecurity
#InfosecHistory
#LaunchBoom 🚀
#Letterpress
#MoreThanAPassword
#One-TimePad
#OpenSource
#OSINT
#Passphrases
#Passwords
#RainHarvesting
#TelegraphicCodeBooks
#Typography
#Yubikeys
**************
#automation #bees #bletchleypark #chiweenies #chromeos #codebreaking #coss #crowdfunding #cybersecurity #dice #diceware #dogsofmastodon #finland #finnish #foss #ghent #helsinki #issa #isaca #infosec #infosecurity #infosechistory #launchboom #letterpress #moreThanAPassword #one #opensource #osint #passphrases #passwords #rainharvesting #telegraphiccodebooks #typography #yubikeys
Sweet! My passphrase of "MyPasswordIsNotP@ssW0rd" is secure!!!! 👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻🎉🎉 #passwords #passphrases
#FBI recommends passphrases over password complexity | ZDNet
https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/