greg hughes - dot net
Note that the contents of this site represent my own thoughts and opinions, not those of anyone else - like my employer - or even my dog for that matter. Besides, the dog would post things that make sense. I don't.
 Monday, January 24, 2005
I had to change one of my passwords today (good security practices and all that), and with the recent discussions around the 'net concerning using passphrases in place of passwords, I decided to go full tilt and start using passphrases on this account rather than passwords.
One of the great things about passphrases is that they can be quite long and secure, yet easy to type and remember. For example, I could use either of these as a secure passphrase that more than meets all the security requirements of a Windows standard password-complexity template:
Is this my nifty-difty passphrase?
- or -
Wow yo thats a really cool Red Radio you have there!
Of course, I could also be more paranoid (and in real life I am) by using something like "Is this my nyftie-dyftie passphraze?" but even with the standard dictionary words, the combination of having to determine the number of words, case, punctuation, order and spacing is a pretty darn complicated task. For more information about effectiveness of passphrases and their complexity, read what Jesper Johanssen wrote on the topic.
I can included spaces and everything - they're part of the passphrase, and the fact that I am using dictionary words works in the case of a passphrase, where they don't really pass muster when using 8-character-minimum passwords.
Passphrases use multiple words or variations, can be out of place and odd, easy to remember and easy to type quickly. The only problem I have had since changing to my new passphrase is remembering that I changed my password at all - I keep typing the old one... It's like writing "2004" on checks, I guess... This, too, shall pass.
Anyhow, I can type my passphrase accurately every single time, very quickly and reliably, so I am happy with that. If I choose a phrase that means something to me at the time, it will be easy to work with until I have to change it again in several weeks. I think it's a good thing - all in all better from a user standpoint than convoluted and hard-to-type passwords.
More on passwords vs. passphrases can be found here. Also, Susan Bradley, who blogs about Small Business Server quite a bit, has some thoughts on the subject and some policy configuration information (via Adam Field).
© Copyright 2009 Greg Hughes 
This work is licensed under a Creative Commons License.
 | This page was rendered at Saturday, November 07, 2009 9:04:17 PM (Pacific Standard Time, UTC-08:00)
newtelligence dasBlog 2.1.8015.804
|
"Computers used to take up entire buildings, now they just take up our entire lives."
- Unknown
"So how do you know what is the right path to choose to get the result that you desire? And the honest answer is this... You won't. And accepting that greatly eases the anxiety of your life experience."
Syndication [XML] and .net Alerts
For lazy, highly-technical or enlightened people, get this site's content without the use of a web browser. I use FeedDemon for this, but you can choose your own. Subscribe - click the icon for my feed... or sign up for Microsoft Alerts to receive updates through your MSN Messenger, e-mail, or mobile device. Click the orange button thingie to sign up with your Passport account: 
Contact
Drop me an email: Phone: 503-766-2258
Add me to MSN Messenger
Monthly Archive
| September, 2009 (2) |
| August, 2009 (1) |
| July, 2009 (2) |
| June, 2009 (4) |
| May, 2009 (7) |
| April, 2009 (3) |
| March, 2009 (5) |
| February, 2009 (1) |
| January, 2009 (10) |
| December, 2008 (7) |
| November, 2008 (7) |
| October, 2008 (18) |
| September, 2008 (18) |
| August, 2008 (18) |
| July, 2008 (35) |
| June, 2008 (16) |
| May, 2008 (12) |
| April, 2008 (16) |
| March, 2008 (22) |
| February, 2008 (32) |
| January, 2008 (9) |
| December, 2007 (6) |
| November, 2007 (4) |
| October, 2007 (19) |
| September, 2007 (36) |
| August, 2007 (19) |
| July, 2007 (17) |
| June, 2007 (16) |
| May, 2007 (13) |
| April, 2007 (11) |
| March, 2007 (5) |
| February, 2007 (14) |
| January, 2007 (16) |
| December, 2006 (16) |
| November, 2006 (4) |
| October, 2006 (23) |
| September, 2006 (14) |
| August, 2006 (21) |
| July, 2006 (34) |
| June, 2006 (25) |
| May, 2006 (20) |
| April, 2006 (20) |
| March, 2006 (17) |
| February, 2006 (34) |
| January, 2006 (30) |
| December, 2005 (23) |
| November, 2005 (39) |
| October, 2005 (30) |
| September, 2005 (49) |
| August, 2005 (31) |
| July, 2005 (21) |
| June, 2005 (35) |
| May, 2005 (53) |
| April, 2005 (54) |
| March, 2005 (60) |
| February, 2005 (27) |
| January, 2005 (59) |
| December, 2004 (70) |
| November, 2004 (58) |
| October, 2004 (55) |
| September, 2004 (64) |
| August, 2004 (53) |
| July, 2004 (65) |
| June, 2004 (50) |
| May, 2004 (49) |
| April, 2004 (26) |
| March, 2004 (20) |
| February, 2004 (26) |
| January, 2004 (28) |
| December, 2003 (12) |
| October, 2003 (8) |
| September, 2003 (11) |
| August, 2003 (1) |
On this page
Search and Translate this Site
Blog Posting Categories
Navigation Links
Blogroll
 Scott Adams' Dilbert Blog
Scott Adams is the creator of Dilbert, and his blog is an incredibly smart, clever and often funny (sometimes very serious) look at the world. Everyone should read this blog. |
Alex Scoble
Alex is a former coworker who blogs about a variety of IT-related topics. |
Brent Strange
Brent is a cool dude and a great QA guy that I used to work with. His blog is, appropriately, focused on QA and testing technology. |
Chris Brooks
Chris was formerly my boss at work and is an avid board gamer and photographer. He always has some new info about top-notch board games you may have never heard of, so if you're into them, you should check out this blog. |
Chris Pirillo
Lockergnome by trade, Chris is always up to something new. If you are not familiar with the Lockergnome newsletters, be sure to check them out, too. |
Matthew Lapworth
Matt's a software developer and friend. He seems to enjoy extreme sports. That's fine as long as he doesn't, like, die or something. |
Milind Pandit
Milind writes about all sorts of interesting stuff. We worked toegther for eight years, and he worked at our employer longer than I, which pretty much makes him old as dirt in company time. :) |
MSFT Security Bulletins [RSS]
RSS feed for all Microsoft security bulletins provides an always-up-to-date list of updates along with complete descriptions of each. |
neopoleon.com
Rory Blyth is one of the funniest and most thought-provoking bloggers I read. And I blame him for everything. Literally. |
Scott Hanselman
Scott's computerzen blog is a popular spot for all things .NET and innovative. I used to work with him, but then he went off to Microsoft. He's one of the smartest guys I know, and arguably the best technical presenter around. |
Sign In
Who Links Here
Total Posts: 1825
This Year: 32
This Month: 0
This Week: 0
Comments: 3298
Apple (43) AudioBlogging (42) Blogging (153) Fireworks (3) Geek Out (125) GnomeDex (20) Helping Others (27) Home Servers (4) Humor (143) IT Security (214) Kineflex Artificial Disc Surgery (6) Management (8) Mobile (117) Movies (31) Mt. St. Helens (13) Office 2003 (52) OneNote (29) Personal Stories (162) Photography (26) Random Stuff (631) RSS Stuff (47) RunAs Radio (28) Safe Computing (38) SharePoint (55) Tablet PC (41) Tech (995) Things that Suck (67) Windows (5) Windows Media Technology (27)
|