DEV Community


Discussion on: Seriously though, what's the problem with passphrases???

ericgeek profile image

Actually no, those garbage-like passwords do have more entropy. The point of the xkcd you were probably thinking of was that short passwords that people easily remember have less entropy than passphrases. Randal estimated that sample passphrase as having about 44 bits of entropy, which, even if you're just using 8 characters made up of a-Z, A-Z, 0-9, and two punctuation marks, results in 48 bits of entropy.

The reason that Google recommends those passwords is because the Chrome browser has no problems remembering those kinds of passwords and fewer sites have issues with those passwords than actual passphrases, which means that they can get more entropy with fewer problems.

As for passphrases, I like them, but still find that people that don't use them often can't remember them. My girlfriend hates the WiFi password (23 characters long, including 8 randomly generated characters). So I switch it to a passphrase, which she forgets by the next time she needs to enter it anyway.

rafaelfcorrea profile image
Rafael Fernandes Corrêa Author

Well, yeah, some people will keep forgetting the password/passphrase whatever that is. Still, I find it very weird that just having deleting the "foreign" characters from my password allowed me to logon to Docker.
Thanks for the clarification on entropy though!