Eclipsing the Manifesto


Four disparate words


With a number and a special character, for good measure
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .


Last week I posted a GPT summary of my infamous “Password manifesto.” Today, I link to an even more famous graphic summary of how password best practices evolved to where they are today.

Because, interestingly, using disparate words – separated by spaces, and including a number and a special character – ends up being the strongest password if it’s over 15 characters. And, unless you’re trying to be unsafe, the four words you choose will put you over 15 characters. Once you’re over 15 characters, crackers struggle.

The convoluted mnemonics coupled with the core password concept articulated in my password manifesto were great when we were first developing and teaching password practices. But anybody who reads that manifesto today knows it’s too complex.

But keep in mind this was also before most users understood what a password is supposed to accomplish in the first place. It was when we were trying to convince people they should use passwords. And, I still use the core concept today, in a variety of ways.

But if I were to teach a user password practices from scratch – as a person who comes from a time when you used to teach people password practices from scratch – I would find it much easier to say: “use a phrase of four disparate words, separated by spaces, with a number and a special character somewhere in your phrase.”

And it doesn’t take an entire manifesto just to say that. In fact, it’s best said in a comic strip.
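The rule quoted above, as an added example (not code from the original article): a checker for the four-words, number, special character, over-15-characters rule, plus a generator that draws the words with the operating system's random source. The word list is a constructed sample, the function names are hypothetical, and the code can only test that the words are distinct, not that they are truly "disparate."

```python
import math
import secrets

# Constructed sample list for the demo; a real list needs thousands of words.
WORDS = ["copper", "lantern", "gravel", "orbit", "walnut", "fiddle",
         "harbor", "mitten", "quartz", "saddle", "tundra", "velvet"]
SPECIALS = "!@#$%&*?"
_rng = secrets.SystemRandom()  # OS CSPRNG rather than the seedable default

def check_phrase(phrase):
    """Return the rule violations for a phrase; an empty list means it passes."""
    # Reduce each space-separated token to its letters so "copper7" counts as "copper".
    cores = {"".join(c for c in tok.lower() if c.isalpha()) for tok in phrase.split()}
    cores.discard("")
    problems = []
    if len(phrase) <= 15:
        problems.append("15 characters or fewer")
    if len(cores) < 4:
        problems.append("fewer than four distinct words")
    if not any(c.isdigit() for c in phrase):
        problems.append("no number")
    if not any(not c.isalnum() and not c.isspace() for c in phrase):
        problems.append("no special character")
    return problems

def make_phrase(words=WORDS):
    """Pick four distinct words at random, then attach a digit and a special."""
    picked = _rng.sample(words, 4)
    picked[_rng.randrange(4)] += str(_rng.randrange(10))
    picked[_rng.randrange(4)] += _rng.choice(SPECIALS)
    return " ".join(picked)

def word_entropy_bits(list_size, count=4):
    """Bits contributed by `count` words drawn uniformly from a list."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    print(make_phrase())
    print(check_phrase("P@ssw0rd2023!"))       # constructed weak sample
    print(round(word_entropy_bits(7776), 1))   # 7776 is an assumed list size
```

The entropy figure only holds when the words are chosen at random from the list; words a person picks by hand are far more predictable than the formula suggests.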


Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex


“Dan’s New Leaf” – a fun blog to inspire thought in IT Governance.

