
Xkcd secure password generator

In case you missed the strip, here it is:

[xkcd comic strip]

It's a novel idea, but xkcd stops short of actually recommending such passwords, and so will I. Use at your own peril! I'm not responsible for anything that happens as a result of your password choice. (But if you're just signing up for a kitten video forum, you're probably safe.)

Other generators have popped up online, but unlike most of those, this generator only uses common English words. That's important, because the more unusual the words used, the harder the password will be to remember. For example, "decimalisation contrapuntal assizes diabolism" is not particularly easy to remember, I'd say.

The xkcd strip suggests 11 "bits of entropy" per word, which can be achieved using a list of 2^11 = 2048 words. I scraped a list of 1949 words (close enough) from this site, which is based on the most frequent occurrences in newspapers. This list doesn't include "battery" or "staple", so perhaps a better list is still possible. In any case, you can view the JavaScript source code here.

It's hard to be convinced about every detail in the strip, but it really had me thinking. The last panel claims that the reader has already memorized "correct horse battery staple". Sure, a lot of readers will probably have that phrase memorized for a while. But the strip itself is interesting, takes a lot of concentration to understand, and incorporates a visual aid. I think we're more likely to remember "correct horse battery staple" for those reasons. Will it be just as easy to remember other four-word combinations?

What do you think? Is it easy to remember the other passwords generated here? Do you see some way to improve the algorithm? Is there any merit to this password selection strategy?

I think the most important part of this comic, even if it were to get the math wrong (which it didn't), is visually emphasizing that there are two equally important aspects to selecting a strong password (or actually, a password policy in general):

All too often, when discussing complex passwords, strong policies, expiration, etc. (and, to generalize, all security), we tend to focus overly much on the computer aspects, and skip over the human aspects.

Especially when it comes to passwords (and double especially for average users), the human aspect should often be the overriding concern.

For example, how often does a strict password complexity policy enforced by IT (such as the one shown in the XKCD) result in the user writing down his password and taping it to his screen? That is a direct result of focusing too much on the computer aspect, at the expense of the human aspect.

And I think that is the core message from the sage of XKCD - yes, Easy to Guess is bad, but Hard to Remember is equally so. And that principle is a correct one. We should remember this more often, AKA AviD's Rule of Usability: Security at the expense of usability comes at the expense of security.

And for an amusing look at how most people actually do choose passwords, check out Your Top 20 Most Common Passwords and The science of password selection.

Here is a thorough explanation of the mathematics in this comic:

Entropy is a measure of the average cost of hitting the right password in a brute force attack. The little boxes in the comic represent entropy in a logarithmic scale, i.e.

As far as password management goes, I've personally found KeePass to be an excellent solution.
