On Passwords
Apr. 2nd, 2014 10:44 am
XKCD is actually wrong here. If a password format is easy to memorize in such a way as to make it easy to predict, it means that people can program for it. The words-only password system is actually vulnerable to what's called a "dictionary hack", as you can teach a computer to guess random words and then apply that as a brute-force cracking technique proportionately to the use of the above method.
[NAME REDACTED] - your modification is on the right track here, but adding CamelCase only adds one more bit of entropy, unless it is done irregularly, in which case it becomes one bit per word or, if you shuffle your caps into the words, one bit per letter. The number at the end adds about 3.5 bits per number.
This being said, brute-force password cracking is rare. It's more likely for someone to phish for it, find your written-down copy, or perhaps look over your shoulder and recognize common words as you type them.
I would recommend using oblique references to things that (1) only you, the user, care about - and (2) which are hard for other people to look up. A way that only you misspelled a word when you were a child. An imaginary language that you made up. Part of a friend's old rotary phone number that you don't have written down. You can even write down clues for yourself to help remember.
Example:
skleP9301arushaN
I know what this refers to, and it's easy for me to remember. No-one else does. I could even post the clues on my Facebook and no-one would guess it.
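An added example (not part of the original post) that puts the entropy accounting from the comment above into code: words drawn from a list, the three capitalization schemes (consistent CamelCase, per-word, per-letter) and trailing digits. It assumes a 7776-word Diceware-style list and a constructed offline guess rate of 10^10/s; each digit is counted as log2(10) ≈ 3.32 bits, which the comment rounds to 3.5. The figures only hold when the words and digits are picked uniformly at random from the list, which is exactly what a dictionary attack exploits when people pick them by hand.

```python
import math

WORDLIST_SIZE = 7776           # assumed: Diceware-style word list
GUESSES_PER_SECOND = 1e10      # constructed: offline cracking rate for the estimate
SECONDS_PER_YEAR = 365 * 24 * 3600


def passphrase_entropy_bits(num_words, wordlist_size=WORDLIST_SIZE,
                            caps="none", avg_word_len=5, num_digits=0):
    """Estimate entropy (bits) of a word-based password under the
    capitalization schemes the comment describes. Assumes every choice
    is uniformly random; human-chosen words are worth far less."""
    # Each word is one uniform pick from the list.
    bits = num_words * math.log2(wordlist_size)
    if caps == "regular":
        bits += 1                       # CamelCase applied consistently: on/off, 1 bit total
    elif caps == "per_word":
        bits += num_words               # each word independently capitalized: 1 bit per word
    elif caps == "per_letter":
        bits += num_words * avg_word_len  # each letter independently cased: 1 bit per letter
    elif caps != "none":
        raise ValueError(f"unknown caps scheme: {caps!r}")
    # Each uniformly random decimal digit adds log2(10) ~= 3.32 bits.
    bits += num_digits * math.log2(10)
    return bits


def years_to_exhaust(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Years to enumerate the whole keyspace at the assumed guess rate."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for caps in ("none", "regular", "per_word", "per_letter"):
        b = passphrase_entropy_bits(4, caps=caps, num_digits=4)
        print(f"4 words, caps={caps:10s} +4 digits: {b:5.1f} bits, "
              f"{years_to_exhaust(b):.3g} years to exhaust")
```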