Better password systems should allow spaces in the password. However, remember that the strength of a password is based on the number of random choices and the number of possible selections for that choice.
SO, a password based in a quotation means you’re basing the entire password on _one_ random choice: which quotation to select. Critically, it isn’t the number of characters in the password anymore, because those aren’t random (for example, if I’m thinking of a passphrase that begins “Space, the final fro…”, what are the next 6 letters? Are you confident you could guess the next 12 letters after that?).
So it comes down to _one_ choice, and the number of quotations you can choose between … and if you as a human being make that selection, it is likely between a very small (a few thousand) popular choices. This results in a weak password, roughly equivalent in strength to 2 or 3 random characters. Even if we let a computer do the selection between the most memorable line in every book ever written (about 130 million), this is roughly the same strength as 4 or 5 random characters.
A passphrase where each choice is a word randomly chosen from the dictionary (the “correct horse battery staple” method) can be quite a bit stronger. If our dictionary has 8000 words, a four-word random passphrase has about the same strength as 8 or 9 random characters, and many people find it easier to memorize. So this is the approach I recommend.
Latest Answers