Is there a technical reason why blank spaces can’t be used in password since you always have to hit submit afterwards anyway?

1.19K viewsOtherTechnology

Just reading in that long password are better than complex ones. Wouldn’t it be better if our passwords were long memorable quotes like “Now are the times that try men’s souls” instead of something like Be$ty78?

In: Technology

31 Answers

Anonymous 0 Comments

Better password systems should allow spaces in the password. However, remember that the strength of a password is based on the number of random choices and the number of possible selections for that choice.

SO, a password based in a quotation means you’re basing the entire password on _one_ random choice: which quotation to select. Critically, it isn’t the number of characters in the password anymore, because those aren’t random (for example, if I’m thinking of a passphrase that begins “Space, the final fro…”, what are the next 6 letters? Are you confident you could guess the next 12 letters after that?).

So it comes down to _one_ choice, and the number of quotations you can choose between … and if you as a human being make that selection, it is likely between a very small (a few thousand) popular choices. This results in a weak password, roughly equivalent in strength to 2 or 3 random characters. Even if we let a computer do the selection between the most memorable line in every book ever written (about 130 million), this is roughly the same strength as 4 or 5 random characters.

A passphrase where each choice is a word randomly chosen from the dictionary (the “correct horse battery staple” method) can be quite a bit stronger. If our dictionary has 8000 words, a four-word random passphrase has about the same strength as 8 or 9 random characters, and many people find it easier to memorize. So this is the approach I recommend.

You are viewing 1 out of 31 answers, click here to view all answers.