How Secure Are Multi-Word Random Passphrases?

Presented at BSidesLV 2015, Aug. 5, 2015, 6 p.m. (25 minutes).

Passphrases in the style of XKCD 936 or Diceware have gained popularity, but are they secure enough and practical to use? They seem like a good compromise between security and memorability, but why did Bruce Schneier say using them is "no longer good advice"? This session investigates popular password generation schemes and examines the characteristics that determine passphrase strength. We will also review whether the average person finds these passphrases easier to use than passwords, and whether they're practical to use in most cases.


Presenters:

  • Bruce Marshall - Founder - PasswordResearch.com
    Bruce is a security consultant who founded the PasswordResearch.com web site over a decade ago. He aims to introduce more professionals to new and existing authentication research so they can better justify secure system design and policy choices. He has previously shared his experiences with authentication and other topics at the Black Hat, SANS, and InfoSec World conferences.
