Passphrase vs. password entropy

Two general points.

First, the benefit of Passphrases is that they make it easier for users to generate entropy while still remembering their key. Generating entropy through randomized characters is hard - and the harder something is, the less people will do it.

The reason that XKCD comic is so cited isn't just the math - it's that people who haven't seen the comic in years can still tell you what that password is. That's the point of the comic: that those bytes of entropy were easy for a human to remember.

Second, you might want to take a look at:

https://wpengine.com/unmasked/

The main highlight? The average password entropy is 21.6. Aka, it's off by a factor of 2-billion from your 94^8 number. The reason? Users don't choose random ascii characters. They don't choose random letters with randomized capitals. They don't choose randomzied letters. They simply choose a word and decorate it.

Basically, it's easier to get a lazy person to generate entropy through a 15-character passphrase than it is to get them to generate entropy through a 8-character password.

Passphrase vs. password entropy

Tags:

Passwords

Passphrase

Entropy

Brute Force

Related

Recent Posts