I'm a security noob, so correct me if I'm wrong, but I thought passwords consisting of a random string of letters/numbers/symbols was considered bad security practice these days? Easy for machines to crack, hard for humans to remember?
What happened to Correct Horse Battery Staple [1]?
Correct Horse Battery Staple is good! The main benefit is that with this scheme, it’s much much easier for a human to memorize, compared to a random string.
A random string is still secure, given that it has enough entropy. I would say a length of ~15 characters or more is desired (A-Z + a-z + 0-9, maybe some periods and hyphens etc.). Unfortunately, this is also quite hard to memorize.
Both these are very hard to crack! Especially if the cracker can’t do it offline. (Because online, in a good system, some kind of rate-limiting will kick in and then it takes forever.)
- [1]: https://xkcd.com/936/
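The entropy arithmetic behind the reply above, as an added example that is not part of either post: it puts numbers on a ~15-character random string from the 64-symbol set the reply describes versus a four-word xkcd-style passphrase, and contrasts an offline guess rate with a rate-limited online one. The 2048-word list size, the 8-word sample list, and the two guess rates (1e10/s offline, 10/s online) are assumptions chosen for illustration, not figures from the thread.

```python
import math
import secrets

# Symbol set from the reply: A-Z, a-z, 0-9, period and hyphen (64 symbols).
RANDOM_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789"
    ".-"
)

# Constructed toy word list for generating a sample passphrase. The entropy
# estimate uses XKCD_WORDLIST_SIZE (the comic's assumption of 11 bits per word),
# not the length of this tiny list.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "zebra", "cloud", "anvil", "mango"]
XKCD_WORDLIST_SIZE = 2048  # assumption: ~11 bits per word

# Assumed attacker guess rates (illustrative, not from the thread).
OFFLINE_RATE = 1e10  # a leaked fast hash being attacked on GPUs
ONLINE_RATE = 10.0   # a login endpoint with rate limiting in place

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random sequence of `length` symbols from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the secret: on average half the space must be searched."""
    return (2 ** bits) / 2 / guesses_per_second


def random_string(length: int = 15) -> str:
    """A random string of the kind the reply recommends, drawn with the CSPRNG in `secrets`."""
    return "".join(secrets.choice(RANDOM_ALPHABET) for _ in range(length))


def random_passphrase(words, count: int = 4) -> str:
    """A Correct-Horse-Battery-Staple style passphrase: `count` words picked uniformly."""
    return " ".join(secrets.choice(words) for _ in range(count))


def compare(string_length: int = 15, word_count: int = 4) -> dict:
    """Entropy and crack-time estimates (in years) for both schemes under both attacker models."""
    schemes = {
        "random_string": entropy_bits(len(RANDOM_ALPHABET), string_length),
        "passphrase": entropy_bits(XKCD_WORDLIST_SIZE, word_count),
    }
    result = {}
    for name, bits in schemes.items():
        result[name] = {
            "bits": bits,
            "offline_years": seconds_to_crack(bits, OFFLINE_RATE) / SECONDS_PER_YEAR,
            "online_years": seconds_to_crack(bits, ONLINE_RATE) / SECONDS_PER_YEAR,
        }
    return result


if __name__ == "__main__":
    print("sample random string:", random_string())
    print("sample passphrase:   ", random_passphrase(SAMPLE_WORDS))
    for name, row in compare().items():
        print(f"{name:14s} {row['bits']:5.1f} bits  "
              f"offline ~{row['offline_years']:.3g} years  "
              f"online ~{row['online_years']:.3g} years")
```

The numbers illustrate the reply's point: a 15-character string from 64 symbols is 90 bits, a four-word passphrase from a 2048-word list is 44 bits, and both take tens of thousands of years at 10 guesses per second. Only the offline case separates them, and there the 44-bit passphrase falls in minutes against a fast hash, which is why servers should store passwords with a deliberately slow hash (bcrypt, scrypt, Argon2) that cuts the offline rate by orders of magnitude.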