this post was submitted on 31 Aug 2025
Tech Support Memes
I don't know where the entropy is at these days so I'm not sure exactly how many words are recommended at this point, but the issue with passphrases is that you have to treat each word like it's one character. Instead of a lot of symbols, now you need a lot of words for a strong passphrase. It also has to be random assortments of words that make no sense, so passages out of any documents are not a good idea. That XKCD strip is definitely outdated because 4 words wasn't enough even 10 years ago.
What if you use made-up words that will not appear in a dictionary?
Sorry I just now saw this in my notifies. That is a good question, and I would guess that it would in fact be significantly more secure (at least in the short term) than words from dictionaries - assuming they are truly and randomly made up. It's worth noting that human minds are notoriously bad at being random.
That's only true if someone guessing your pass phrase knows that it's made up of words and not random characters.
The idea behind pass phrases is that these things are easy for your human brain to remember, but long enough to be hard to guess by typing random characters (or even combinations of words) by an attacker or a computer (or even an LLM).
Or a person just includes passphrase cracking tools on the database they're working on.
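The "treat each word like it's one character" point from this thread, worked through as an added example that is not part of any comment: it compares the strength of a randomly generated passphrase when each word counts as one symbol against the figure you get by counting its letters. The 7776-word list size (the standard Diceware list, 6^5), the 80-bit target and the tiny sample wordlist are assumptions chosen for illustration.

```python
import math
import secrets

DICEWARE_SIZE = 7776   # assumed wordlist size: the standard Diceware list (6**5 words)
PRINTABLE_ASCII = 94   # printable ASCII characters, excluding space
LOWER_PLUS_SPACE = 27  # a-z plus the space separator

def entropy_bits(n_symbols, alphabet_size):
    """Bits of entropy for n symbols, each drawn uniformly and independently."""
    return n_symbols * math.log2(alphabet_size)

def symbols_needed(target_bits, alphabet_size):
    """Smallest number of uniformly random symbols that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def generate_passphrase(wordlist, n_words):
    """Pick words with a CSPRNG; human-chosen words are not uniformly random."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def compare(passphrase, wordlist_size):
    """Return (word_model_bits, char_model_bits) for one passphrase.

    word_model_bits: strength when the guesser knows the scheme and wordlist.
    char_model_bits: the larger figure obtained by counting every letter as random.
    """
    words = passphrase.split(" ")
    return (entropy_bits(len(words), wordlist_size),
            entropy_bits(len(passphrase), LOWER_PLUS_SPACE))

if __name__ == "__main__":
    # Constructed 8-word sample list, for demonstration only; a real list is far larger.
    sample = ["amber", "cobalt", "drift", "ember", "fjord", "glyph", "heron", "ivory"]
    phrase = generate_passphrase(sample, 4)
    word_bits, char_bits = compare(phrase, len(sample))
    print(f"{phrase!r}: {word_bits:.1f} bits as words, {char_bits:.1f} bits as letters")

    target = 80  # assumed target strength in bits
    print("4 Diceware words:", round(entropy_bits(4, DICEWARE_SIZE), 1), "bits")
    print("words needed for", target, "bits:", symbols_needed(target, DICEWARE_SIZE))
    print("random ASCII chars needed:", symbols_needed(target, PRINTABLE_ASCII))
```

The word-model figure is the one to plan around, since it holds even when the guesser knows how the passphrase was built.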