
Is XKCD right about password strength?


The XKCD password scheme is as good as it ever was. The security doesn’t derive from it being unknown, but from it being a good way to generate memorable passwords from a large search space.

What is XKCD password?

xkcd’s password generation scheme requires the user to have a list of 2048 common words (log2(2048) = 11). For any attack we must assume that the attacker knows our password generation algorithm, but not the exact password.

Is Randall Munroe married?

In September 2011, he announced that they had married. In November 2012, he published a comic entitled “Two Years”, and in December 2017, Munroe followed this with a comic entitled “Seven Years”.

How many xkcd passwords should I generate?

Then you can generate just one longer xkcd pass-phrase that you can memorize (say 10 words). Then you create a unique 128-bit truly random password for each account (hex or base64 are good). 128 bits is going to be strong enough for a long time. If you want to be paranoid, go larger; it’s no extra work to generate 256-bit hex passwords.

What does the xkcd comic say about password security?

What the XKCD comic does not effectively communicate is that the selection of words must be (uniformly) random. If you ask humans to pick words at random, you get a heavy bias for concrete nouns. Such biases can and will be exploited. In a perfect world we would want the strength of our password to be as strong as the keys we are protecting with it.

How hard is it to memorize xkcd pass phrases?

Even xkcd-style, it gets hard after a few. This is where password managers come in; I like KeePass, but there are many others that are basically the same. Then you can generate just one longer xkcd pass-phrase that you can memorize (say 10 words).

How many words are in the xkcd wordlist?

Go directly to the xkcd wordlist to check it out. Each combination is randomly chosen from 7,776 different words. Generating the passwords above is done completely in the browser.
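The arithmetic behind the answers above (11 bits per word for a 2048-word list, about 12.9 bits per word for a 7,776-word list, a 10-word master passphrase plus a random 128- or 256-bit secret per account, and the loss of entropy when words are picked by a biased human rather than uniformly) can be put into a small generator. The following is an added example, not code from the page or from xkcd; the `SAMPLE_WORDS` list is a constructed stand-in for a real word list, and the entropy functions take the list size as a parameter so the stub only affects the sample output, not the numbers.

```python
import base64
import math
import secrets

# Constructed stand-in for a real word list. A real generator loads the full
# xkcd-style list (2048 words, 11 bits/word) or the Diceware-sized list
# (7,776 words, ~12.9 bits/word). The entropy functions below take the list
# size as input, so this stub only affects generate_passphrase() output.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "velvet", "timber", "quartz"]


def passphrase_entropy_bits(word_count, list_size):
    """Bits of entropy for word_count words drawn uniformly from list_size words.

    The attacker is assumed to know both the list and the scheme, so the only
    secret is which words were drawn: 4 words from 2048 -> 44 bits.
    """
    return word_count * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose uniformly chosen passphrase reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def effective_bits_per_word(weights):
    """Shannon entropy (bits) of one word pick when the picker is NOT uniform.

    weights maps word -> relative frequency of being chosen. Uniform weights
    over 2048 words give exactly 11 bits; concentrating most of the mass on a
    few favourite nouns drives it below that, which is the search-space
    shrinkage the answer above warns about.
    """
    total = sum(weights.values())
    return -sum((w / total) * math.log2(w / total)
                for w in weights.values() if w > 0)


def generate_passphrase(word_count, wordlist=SAMPLE_WORDS):
    """Draw word_count words uniformly with the OS CSPRNG (secrets.choice)."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def generate_account_password(bits=128, encoding="hex"):
    """Per-account random secret for a password manager, e.g. 128 or 256 bits."""
    if bits % 8:
        raise ValueError("bits must be a multiple of 8")
    raw = secrets.token_bytes(bits // 8)
    if encoding == "hex":
        return raw.hex()
    if encoding == "base64":
        return base64.b64encode(raw).decode("ascii")
    raise ValueError("encoding must be 'hex' or 'base64'")


if __name__ == "__main__":
    print("4 words from a 2048-word list:", passphrase_entropy_bits(4, 2048), "bits")
    print("words from a 7776-word list for 128 bits:", words_needed(128, 7776))
    # Constructed bias: eight favourite words picked 100x as often as the rest.
    skewed = {f"w{i}": (100 if i < 8 else 1) for i in range(2048)}
    print("biased picker, bits/word:", round(effective_bits_per_word(skewed), 2))
    print("master passphrase:", generate_passphrase(10))
    print("128-bit hex:", generate_account_password(128))
    print("256-bit base64:", generate_account_password(256, "base64"))
```

`secrets` is used rather than `random` because the whole argument rests on the draw being uniform and unpredictable; `random.choice` is seeded from a non-cryptographic generator and is not suitable for secrets.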
