So, I've been trying to figure out why my docker login does not work (yep, I was using my username all the time, not the email) then I find out that it wasn't working because I had commited the unthinkable crime of using passphrases and not passwords! Not only that but my passphrase had non-existent latin characters like á, é, í, ó, ú!
I mean what are those some kind of alien writing never seen on Earth's history? Some fragment of that Zodiac Killer writings? What IS latin anyways??
Seriously though, you would have thought that no one in their sane mind would've been using passwords like "@$t&r!x!" or "!QazxsW@" or even better "8zMK.W&`bLbU){s+" (thanks passwordgenerator.net for that one) since the 2000's but, no.
I could even understand why a normal person would've though that a password - oops - passphrase like "moonlight flying horse" would not be safe but, when an amazing software designed by pro devs does not accept that, not even pushing one of those depressing messages like "Your password contains forbidden characters" on my screen, you really start to question things.
From what I understand a passphrase like the one above is actually more secure because it has lots of entropy (please correct me if I'm wrong - I'm not a security expert), but it is also easier to remember. So why is Google suggesting passwords like y&FhHL5a?^?4f6[/? (The question mark is not part of it).
Oh, and if you forget it, here's a "HINT" - yelp & FRUIT hulu HULU LAPTOP 5 apple ? ^ ? 4 fruit 6 [ / .
I hate to be the noob who keeps pinpointing and complaining about everything that's wrong with the industry today, but, it is really fun to write this!! So here goes one more: I don't know if this would break all technology on Earth and send us back to the middle ages, but I wouldn't mind a little more UTF-8 support on the software we use everyday.
By the way, if you're wondering if I got Docker to accept me, I did! By using a proper password.
Top comments (2)
Actually no, those garbage-like passwords do have more entropy. The point of the xkcd you were probably thinking of was that short passwords that people easily remember have less entropy than passphrases. Randal estimated that sample passphrase as having about 44 bits of entropy, which, even if you're just using 8 characters made up of a-Z, A-Z, 0-9, and two punctuation marks, results in 48 bits of entropy.
The reason that Google recommends those passwords is because the Chrome browser has no problems remembering those kinds of passwords and fewer sites have issues with those passwords than actual passphrases, which means that they can get more entropy with fewer problems.
As for passphrases, I like them, but still find that people that don't use them often can't remember them. My girlfriend hates the WiFi password (23 characters long, including 8 randomly generated characters). So I switch it to a passphrase, which she forgets by the next time she needs to enter it anyway.
Well, yeah, some people will keep forgetting the password/passphrase whatever that is. Still, I find it very weird that just having deleting the "foreign" characters from my password allowed me to logon to Docker.
Thanks for the clarification on entropy though!