This forum is a discussion about improving the "Create secure passwords to keep your identity safe" article. If you'd like to participate, please register.

If you need help with Firefox, please ask a question.

[Needs Update?] Better and easier passwords

  • 3 Replies
  • Last reply by Strugee
  1. Michael Verdi 1755 posts
    Report Abuse

    Gervase Markham suggested that the there are ways to pick better passwords that are easier to remember. Anyone know more about the relative merits of these methods? Anyone want to take a stab at improving this article?

    [http://blog.gerv.net/2011/10/choosing-strong-passwords Gervase Markham suggested] that the there are ways to pick better passwords that are easier to remember. Anyone know more about the relative merits of these methods? Anyone want to take a stab at improving this article?
  2. Jorge 1 post
    Report Abuse

    Some useful links: http://www.codinghorror.com/blog/2005/08/passphrase-evangelism.html http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125

    The merits of passphrases are that they are easier to remember and are less vulnerable to the most common attacks. One problem they have is that they are less likely to match the password requirements of some websites. Some have maximum length restrictions (FAIL), and others have complexity requirements, which can be fixed by adding numbers/symbols to the passphrase.

    Some useful links: http://www.codinghorror.com/blog/2005/08/passphrase-evangelism.html http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125 The merits of passphrases are that they are easier to remember and are less vulnerable to the most common attacks. One problem they have is that they are less likely to match the password requirements of some websites. Some have maximum length restrictions (FAIL), and others have complexity requirements, which can be fixed by adding numbers/symbols to the passphrase.
  3. gerv 0 posts
    Report Abuse

    I think Mozilla should either produce or endorse an existing set of "pass phrase best practices" for websites - things your password system should do and be. E.g.:

    • Refer to "pass phrase", not password
    • Give static examples of passphrases when user is creating a password
    • (Forbid those examples to be used as passwords!)
    • May not require a minimum of more than 12 characters
    • Must allow up to at least 128 Unicode characters
    • Must relax any requirements for numbers, case or punctuation for passwords longer than 20 characters
    • Must use a per-password salt

    ...

    Gerv

    I think Mozilla should either produce or endorse an existing set of "pass phrase best practices" for websites - things your password system should do and be. E.g.: * Refer to "pass phrase", not password * Give static examples of passphrases when user is creating a password * (Forbid those examples to be used as passwords!) * May not require a minimum of more than 12 characters * Must allow up to at least 128 Unicode characters * Must relax any requirements for numbers, case or punctuation for passwords longer than 20 characters * Must use a per-password salt ... Gerv
  4. Strugee 0 posts
    Report Abuse

    I think this xkcd might be of relevance to this discussion.

    I think [http://xkcd.com/936/ this xkcd] might be of relevance to this discussion.
    Modified by Strugee on