top | item 26847316

Ask HN: Margaret Thatcher Is 110% Sexy

2 points| phekunde | 4 years ago

I am thinking of providing the following advice to users during password creation:

"Use a memorable phrase as a password with a mix of uppercase letter, numbers and special characters e.g.

Margaret Thatcher is 110% SEXY.

But please do not use too many repeated characters/numbers and avoid using personal identifiable information in the password such as username, email id, real name etc. "

Is this advice sound? What else should be included? At the backend I am using zxcvbn to check password strength.

Motivation for this advice is:

1. xkcd: https://xkcd.com/936

2. The password mentioned in the title was, as an example, suggested by Edward Snowden on Last Week Tonight show: https://www.youtube.com/watch?v=yzGzB-yYKcc

3 comments

[+] rawgabbit|4 years ago|reply

I would argue against uppercase, special characters, and numbers. They don’t provide any more protection against a dictionary attack than throwing in a Spanish or French word in your phrase. “Margaret Thatcher es caliente” is easier to remember.

Bill Burr who invented the original password complexity rules now says forget those special characters and numbers. Simple long phrases that you can remember is more important. https://gizmodo.com/the-guy-who-invented-those-annoying-pass...

[+] Yaa101|4 years ago|reply

In that case they will never guess: "If your fetish is geriatric alzheimers, then you are 120% right"

[+] phekunde|4 years ago|reply

Isn't remembering a memorable passphrase always easier than a cryptic password even for people with good memory?

[+] unknown|4 years ago|reply

[deleted]