Are multi-word passphrases more secure than normal passwords?

Some researchers at the University of Cambridge Computer Laboratory have taken a closer look at the recently popular claim that multi-word passphrases, being several times longer, are more secure than a regular password (generally 8 to 12 characters).
The results are discouraging: by our metrics, even 5-word phrases would be highly insecure against offline attacks, with fewer than 30 bits of work compromising over half of users. The returns appear to rapidly diminish as more words are required.
They recommend a tool such as Diceware for generating passphrases.
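
To make the contrast concrete, here is an added example (not code from the researchers or from Diceware) that compares the strength of uniformly random word selection with a skewed, human-like choice of phrases. The 8-word `SAMPLE_WORDS` list and the Zipf popularity model are constructed stand-ins; a real Diceware list has 7776 words, and the researchers' own data is not reproduced here.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 7776  # 6**5: one word per roll of five dice

# Constructed stand-in for a real 7776-word Diceware list.
SAMPLE_WORDS = ["anvil", "cobra", "drift", "ember", "fjord", "gusto", "helix", "ivory"]


def generate_passphrase(wordlist, n_words):
    """Pick each word uniformly with a CSPRNG (secrets, not the random module)."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def uniform_bits(list_size, n_words):
    """Entropy in bits when every word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def guesses_to_cover(probabilities, fraction=0.5):
    """Guesses needed, most popular phrase first, to cover `fraction` of users."""
    covered = 0.0
    for count, p in enumerate(sorted(probabilities, reverse=True), start=1):
        covered += p
        if covered >= fraction:
            return count
    raise ValueError("probabilities sum to less than the requested fraction")


def zipf_distribution(n_phrases, exponent=1.0):
    """Constructed model of human choice: popularity falls off as 1/rank."""
    weights = [1.0 / rank ** exponent for rank in range(1, n_phrases + 1)]
    total = sum(weights)
    return [w / total for w in weights]


if __name__ == "__main__":
    n = 1000  # size of the constructed phrase population
    skewed = guesses_to_cover(zipf_distribution(n))
    uniform = guesses_to_cover([1.0 / n] * n)
    print(f"{n} phrases, human-like choice: {skewed} guesses cover half of users")
    print(f"{n} phrases, uniform choice:    {uniform} guesses cover half of users")
    bits = uniform_bits(DICEWARE_LIST_SIZE, 5)
    print(f"5 Diceware words: {bits:.1f} bits, independent of user habits")
    print("sample:", generate_passphrase(SAMPLE_WORDS, 5))
```

The same number of possible phrases gives very different protection depending on how they are chosen: the strength of a passphrase comes from the randomness of the selection, not from its length.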

