Reply to post: Users confuse complexity with entropy, no?

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

bobajob12

Users confuse complexity with entropy, no?

Isn't going for length a better tradeoff than these little rules?

In the absence of 2FA, asking the user to pick five English words of four or more letters, and then concatenating them together to create a 20+ char password would seem to give much better entropy than just asking for 8 chars and a number?

On the other hand, I wonder how many people would enter passwordpasswordpasswordpasswordpassword...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020