Also, don’t use regular passwords with random letters and numbers, they are really hard to remember and easier to crack if the password isn’t complex enough. Instead, use a passphrase with at least 5 words.
Is that safe though? After seeing that XKCD I also thought it would be a good idea but then read that using passphrases is even worse because brute force attacks often use dictionaries as well to test word combinations, so one should use scrambled characters, just long enough to resist brute force.
The XKCD comic uses the entropy of common words assuming an informed cracker is using the best tools at their disposal, that being a dictionary attack. That’s why the entroy per character of the passphrase is so low compared to that of the special character password, but the passphrase can be much longer because it’s easier to remember, so that’s what gives it its higher total entropy.
Also, don’t use regular passwords with random letters and numbers, they are really hard to remember and easier to crack if the password isn’t complex enough. Instead, use a passphrase with at least 5 words.
Is that safe though? After seeing that XKCD I also thought it would be a good idea but then read that using passphrases is even worse because brute force attacks often use dictionaries as well to test word combinations, so one should use scrambled characters, just long enough to resist brute force.
The XKCD comic uses the entropy of common words assuming an informed cracker is using the best tools at their disposal, that being a dictionary attack. That’s why the entroy per character of the passphrase is so low compared to that of the special character password, but the passphrase can be much longer because it’s easier to remember, so that’s what gives it its higher total entropy.
Explain XKCD goes into more detail about how the calculation was done: https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength