this post was submitted on 31 Aug 2025
494 points (99.0% liked)

Tech Support Memes

[–] AnimalsDream@slrpnk.net 1 points 1 month ago (2 children)

I don't know where the entropy is at these days so I'm not sure exactly how many words are recommended at this point, but the issue with passphrases is that you have to treat each word like it's one character. Instead of a lot of symbols, now you need a lot of words for a strong passphrase. It also has to be random assortments of words that make no sense, so passages out of any documents are not a good idea. That XKCD strip is definitely outdated because 4 words wasn't enough even 10 years ago.

[–] trashgirlfriend@lemmy.world 1 points 1 month ago (1 children)

What if you use made-up words that will not appear in a dictionary?

[–] AnimalsDream@slrpnk.net 1 points 2 days ago

Sorry I just now saw this in my notifies. That is a good question, and I would guess that it would in fact be significantly more secure (at least in the short term) than words from dictionaries - assuming they are truly and randomly made up. It's worth noting that human minds are notoriously bad at being random.

[–] TheUniverseandNetworks@lemmy.world 1 points 1 month ago (1 children)

That's only true if someone guessing your pass phrase knows that it's made up of words and not random characters.

The idea behind pass phrases is that these things are easy for your human brain to remember, but long enough to be hard to guess by typing random characters (or even combinations of words) by an attacker or a computer (or even an LLM).

[–] AnimalsDream@slrpnk.net 1 points 1 month ago

Or a person just includes passphrase cracking tools on the database they're working on.
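
The "treat each word like one character" point from the thread, worked through as an added example (not part of any comment above). It assumes a Diceware-style list of 7776 words, a 94-symbol printable-ASCII alphabet for comparison, and a guesser who knows both the list and the word count; the function names and the short sample list are constructed for illustration.

```python
import math
import secrets

DICEWARE_SIZE = 7776   # assumption: Diceware-style list, 6**5 words
PRINTABLE_ASCII = 94   # assumption: letters, digits and punctuation, no space


def passphrase_bits(num_words, wordlist_size=DICEWARE_SIZE):
    """Entropy in bits when each word is one uniformly random 'symbol'."""
    return num_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size=DICEWARE_SIZE):
    """Smallest word count that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def equivalent_chars(num_words, wordlist_size=DICEWARE_SIZE,
                     alphabet_size=PRINTABLE_ASCII):
    """Length of a random character password with at least the same entropy."""
    bits = passphrase_bits(num_words, wordlist_size)
    return math.ceil(bits / math.log2(alphabet_size))


def generate(wordlist, num_words):
    """Pick words uniformly with a CSPRNG; returns the phrase and its entropy.

    Duplicates are removed first so the entropy figure matches the list
    that was actually sampled from.
    """
    words = sorted(set(wordlist))
    phrase = " ".join(secrets.choice(words) for _ in range(num_words))
    return phrase, passphrase_bits(num_words, len(words))


if __name__ == "__main__":
    for n in (4, 6, 8):
        print(f"{n} words: {passphrase_bits(n):5.1f} bits, "
              f"about {equivalent_chars(n)} random characters")
    for target in (64, 80, 128):
        print(f"{target} bits needs {words_needed(target)} words")
    # Constructed 8-word sample list; a real list has thousands of entries.
    sample = ["acorn", "brisk", "cedar", "dune", "ember", "fjord", "glint", "husk"]
    phrase, bits = generate(sample, 5)
    print(f"{phrase!r}: {bits:.0f} bits from an {len(sample)}-word list")
```

The entropy figure only holds when the words are chosen by the generator; a phrase picked by hand or taken from a document does not have it.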