Reply to post: Re: XKCD has been totuting the complexity angle for years

Android apps prove a goldmine for dodgy password practices


Re: XKCD has been totuting the complexity angle for years

"it takes next to no time at all to defeat the xkcd approach, even when the words are random; it was already defeated years ago - can't remember where I read about it and didn't make a note of it because I never used it anyway precisely because I said to myself "Real words? No way!", so I can't point you to it but, believe me, it wasn't simply phrases/lyrics that were of next to no use but any and all real words (in any and all languages), even with no spaces and/or punctuation."

I remember that article., The sole "evidence" he presented was to point out that dictionary attacks exist(with no further details). He then went on to pimp his self-named method for almost all of the article, giving me the impression he was mainly driven by ego. I immediately discarded it as worthless.

That said, I don't know of any comparison of the strength of the xkcd method to what people actually do, which is all that matters. Let's not make the perfect the enemy of any possible improvement.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019