this post was submitted on 15 Sep 2024
[–] Viking_Hippie@lemmy.world 25 points 3 days ago (17 children)

Pass PHRASES are much better anyway.

Nobody's gonna remember "pyf85ruGmmgæ&Oy_w48euaT0lt" so they'll either write it down, save it to their browser, or use a password manager, either of which makes it less secure.

On the other hand, something simple that doesn't necessarily make sense, say "AlmondsMakeFineGrenades" is difficult for both humans and machines to guess, but easy to remember.

Tl;Dr: an xkcd comic explaining it much better than I just did 😁

[–] itslilith@lemmy.blahaj.zone 3 points 3 days ago

Use that, but only for the handful of passwords that you

a) need to remember regularly, even when you don't have access to your password manager

b) need to be really secure

I'd say email and banking are the obvious ones. For everything else, rely on a good (self-managed, open source) password manager. Sure, a passphrase beats any human-memorable password, but it doesn't stand a chance against my 250-bit entropy machine-generated passwords. And thanks to KeepassXC I never have to type any of them. And sure, you can secure your password manager's database with a passphrase, if you're so inclined.
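
An added example (not written by either commenter above) that puts numbers on the comparison in this thread: entropy of a machine-generated password versus a randomly drawn passphrase. It assumes every character or word is picked uniformly at random with a CSPRNG, which a phrase invented by a person is not; the 7776-word list size and the 16-word sample list are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Assumption: 7776 entries, the size of a five-dice Diceware-style word list.
DICEWARE_SIZE = 7776
# 52 letters + 10 digits + 32 punctuation marks = 94 printable ASCII symbols.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list, embedded only so the generator runs offline.
SAMPLE_WORDS = [
    "almond", "basket", "copper", "dragon", "ember", "falcon", "garnet", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
]


def entropy_bits(pool_size, count):
    """Entropy of `count` independent, uniform draws from a pool of `pool_size`."""
    return count * math.log2(pool_size)


def items_needed(target_bits, pool_size):
    """Smallest number of uniform draws that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))


def generate(pool, count, sep=""):
    """Draw `count` items from `pool` with the OS CSPRNG and join them."""
    return sep.join(secrets.choice(pool) for _ in range(count))


def compare(target_bits=250):
    """Length needed to reach the target, as characters and as words."""
    return {
        "chars_for_target": items_needed(target_bits, len(PRINTABLE)),
        "words_for_target": items_needed(target_bits, DICEWARE_SIZE),
        "four_word_bits": round(entropy_bits(DICEWARE_SIZE, 4), 1),
    }


if __name__ == "__main__":
    print(compare())
    print("password:  ", generate(PRINTABLE, compare()["chars_for_target"]))
    # The sample list has 16 words, so each word here carries only 4 bits.
    print("passphrase:", generate(SAMPLE_WORDS, 4, sep="-"))
```
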
