Monday, October 12, 2020

You aren't still storing passwords in your brain, are you?


The old advice about passwords being easy to remember and hard to guess isn't very good on its own, but it did spread far and wide. If you ask people what makes a good password, there's a good chance they'll respond with some variation on "easy to remember and hard to guess".

The good news is that the old advice doesn't take much tweaking to bring it up to modern requirements. If the computer is doing the remembering for you, then that's going to be some sort of password manager, and once you have that in place you can basically get uniqueness and strength for free. Moreover, taking advantage of something that's already in people's heads is easier than getting something entirely new in there.