Educause Security Discussion mailing list archives

Re: passwords vs. passphrases


From: Geoffrey Steven Nathan <geoffnathan () WAYNE EDU>
Date: Sun, 7 Jul 2013 14:30:25 -0400

It seems that the result of this discussion is that neither passwords nor passphrases are secure. We now know that 
easily available tools can crack even long passwords, and that utilizing grammatical parsing tools (POS taggers) can 
make passphrases easy to crack too (and it's not just being 'grammatically correct'--anything resembling English will 
be crackable). 

The take-home: we should not be relying on pass[word/phrase]s in the first place. Of course, we'll never convince the 
auditors of that. So we'll continue to inconvenience and annoy our users, while at the same time knowing (amongst 
ourselves) that it's for no good reason, and doesn't make them or us any safer. Kinda like airport security... 

Sigh... 

Geoff 


Geoffrey S. Nathan 
Faculty Liaison, C&IT 
and Professor, Linguistics Program 
http://blogs.wayne.edu/proftech/ 
+1 (313) 577-1259 (C&IT) 

Nobody at Wayne State will EVER ask you for your password. Never send it to anyone in an email, no matter how authentic 
the email looks. 


