Or learn your passwords like our ancestors did. If something strikes you as poetic use it as a long password. I still remember an XKCD with “Correct Horse Battery Staple”.
I came up with a modular ruleset that I memorised that allows me to have a unique and complex password for each separate service, AND I never need to remember them or use a password manager, AND torture me all you want, I actually can’t tell you the password unless I’m sitting in front of a US standard keyboard which is kind of annoying on mobile, such that I have a photo of a keyboard in my downloads folder.
But seriously, torture me all you want, I like it.
I don’t know where the entropy is at these days so I’m not sure exactly how many words are recommended at this point, but the issue with passphrases is that you have to treat each word like it’s one character. Instead of a lot of symbols, now you need a lot of words for a strong passphrase. It also has to be random assortments of words that make no sense, so passages out of any documents are not a good idea. That XKCD strip is definitely outdated because 4 words wasn’t enough even 10 years ago.
That’s only true if someone guessing your pass phrase knows that it’s made up of words and not random characters.
The idea behind pass phrases is that these things are easy for your human brain to remember, but long enough to be hard to guess by typing random characters (or even combinations of words) by an attacker or a computer (or even an LLM).
Or a person just includes passphrase cracking tools on the database they’re working on.
What if you use made up words that will not appear in a dictionary?
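Added example, not part of any comment in this thread: the two guessing models debated above (an attacker who knows the passphrase is built from a word list versus one who brute-forces characters), with the effective strength taken as the cheaper of the two. The 7776-word list size, the 27-character set and all function names are assumptions chosen for illustration.

```python
import math
import secrets

# Assumed list size: 7776 words, as in a five-dice Diceware-style list.
WORDLIST_SIZE = 7776
LOWERCASE_AND_SPACE = 27  # assumed character set: a-z plus space


def word_model_bits(num_words, wordlist_size=WORDLIST_SIZE):
    """Guessing cost when the attacker knows the list and the word count."""
    return num_words * math.log2(wordlist_size)


def char_model_bits(passphrase, charset_size=LOWERCASE_AND_SPACE):
    """Guessing cost when the attacker brute-forces character by character."""
    return len(passphrase) * math.log2(charset_size)


def effective_bits(passphrase, wordlist_size=WORDLIST_SIZE):
    """An attacker picks the cheaper strategy, so strength is the minimum."""
    num_words = len(passphrase.split())
    return min(word_model_bits(num_words, wordlist_size),
               char_model_bits(passphrase))


def words_needed(target_bits, wordlist_size=WORDLIST_SIZE):
    """Smallest word count whose word-model cost reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate(num_words, wordlist):
    """Pick words uniformly with a CSPRNG; the estimate assumes random picks."""
    return " ".join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    phrase = "correct horse battery staple"
    print(f"word model: {word_model_bits(4):.1f} bits")
    print(f"char model: {char_model_bits(phrase):.1f} bits")
    print(f"effective:  {effective_bits(phrase):.1f} bits")
    for target in (64, 80, 128):
        print(f"{target} bits needs {words_needed(target)} words")
    # Constructed sample list, far too small for real use.
    sample = ["amber", "candle", "drift", "ember", "fjord", "glint"]
    print(generate(5, sample))
```

The estimate only applies to words chosen at random from the list; a quoted passage or a phrase picked because it sounds poetic has far less entropy than the word count suggests.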