http://imgs.xkcd.com/comics/password_strength.png

Someone with more time on their hands than I has created a pasphrase generator to go along with it. (http://preshing.com/20110811/xkcd-password-generator)

Please forward this to the DOD.

As common sense as that procedure may seem, we'd still have to have 2 upper case, 2 lower case, 2 numbers, and 2 special characters - making still just as difficult to remember. :)

I'd be fine with that if we didn't have to change it every __ (forgot the shelf life... 60 or 90 days maybe?). I can remember a completely random password, but having to change it all the time and remember new ones is annoying.

I'd be fine with that if we didn't have to change it every __ (forgot the shelf life... 60 or 90 days maybe?). I can remember a completely random password, but having to change it all the time and remember new ones is annoying.

Do they look at your old passwords? Can you just switch back and forth between two passwords?

One of our venders has that stupid policy and we're able to switch back and forth between two (I think they're "password" and "12345")

wait, what?

my tiny little brain cannot comprehend......



on a side note...... 200th post!!!!! [Ole]

You guys need something to do?

I plugged 'correcthorsebatterystaple' into a password tester and it said the password was "weak"

however the microsoft tester said it was "strong"

I plugged 'correcthorsebatterystaple' into a password tester and it said the password was "weak"


I bet the tester would say 'Tr0ub4dor&3' is very strong ... but there's the math right there in the comic.

Most password testers are built on the same flawed premise that the comic is making fun of.



Assuming you used this one (http://www.passwordmeter.com/), it actually ranked 'correct horse battery staple' as good ... removing the spaces made it "weak".

Do they look at your old passwords? Can you just switch back and forth between two passwords?

One of our venders has that stupid policy and we're able to switch back and forth between two (I think they're "password" and "12345")

I really have absolutely no idea but when I have to reset my password I may just try it.

The dumb thing about a constantly resetting password policy is that it just encourages people to write the password down ... which is the number 1 way bad guys figure out passwords.

A company I worked for years ago had such a policy and you'd walk around the office and find plenty of people with their password on a post-it on their monitor or in a drawer.

The dumb thing about a constantly resetting password policy is that it just encourages people to write the password down ... which is the number 1 way bad guys figure out passwords.

Tell THAT to the DoD.
I write mine down to help remember it, then dispose of it when I do.

There must have been class in college I should have paid better attention to in
order to understand that.

Millions of dollars worth of security can be defeated by a single "Post-It" note...

Computers are way to easy to hack. I just keep a notebook.

Computers are way to easy to hack. I just keep a notebook.
I do one better, I use computers but I don't use them for anything remotely useful so I figure I'm pretty safe. [ROFL1]

ya we have so many passwords that all change at different times and have different requirements, everyone has them written down...ya safety

most passwords people use end up being the same to maximize chances of guessing it yourself.

I hate constantly changing passwords. any more I imagine a lot of people just save them all on their smartphone and look them up and update as needed. that and the remember password feature really helps out

thats what i do