#passphrases — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passphrases, aggregated by home.social.
-
Strengthening Active Directory Password Rules Without Frustrating Users
Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.
#ActiveDirectory #PasswordManagement #Passphrases #IdentitySecurity #Authentication
-
Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Epecially obscure or non-English words.
Claiming they are is a sales pitch for password managers vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.
-
Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Epecially obscure or non-English words.
Claiming they are is a sales pitch for password managers vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.
-
Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Epecially obscure or non-English words.
Claiming they are is a sales pitch for password managers vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.
-
Exactly what I came here to say @joernsmock. Long strings of random characters are no harder for computers to guess than equally long strings made up of dictionary words. Epecially obscure or non-English words.
Claiming they are is a sales pitch for password managers vendors, not a security fact. Current passphrase advice reflects that XKCD comic, and suggests passphrases be long, memorable, and changed as infrequently as possible.
-
to be extra secure, consider including a newline, null byte, or bell character in your password or passphrase
-
to be extra secure, consider including a newline, null byte, or bell character in your password or passphrase
-
to be extra secure, consider including a newline, null byte, or bell character in your password or passphrase
-
Just had the interesting thought occur to me that I'd like #autocorrect in my passwords and that's not actually insane?
I use #passphrases everywhere and I think everyone should.
Sometimes however, I typo somewhere while typing the dozens of characters; requiring me to type the entire thing again.
However, words are the source of entropy in my passphrases, not their characters.
Therefore, correcting any word that is not on the word list to the closest word that is would not diminish entropy.
-
Just had the interesting thought occur to me that I'd like #autocorrect in my passwords and that's not actually insane?
I use #passphrases everywhere and I think everyone should.
Sometimes however, I typo somewhere while typing the dozens of characters; requiring me to type the entire thing again.
However, words are the source of entropy in my passphrases, not their characters.
Therefore, correcting any word that is not on the word list to the closest word that is would not diminish entropy.
-
Just had the interesting thought occur to me that I'd like #autocorrect in my passwords and that's not actually insane?
I use #passphrases everywhere and I think everyone should.
Sometimes however, I typo somewhere while typing the dozens of characters; requiring me to type the entire thing again.
However, words are the source of entropy in my passphrases, not their characters.
Therefore, correcting any word that is not on the word list to the closest word that is would not diminish entropy.
-
Just had the interesting thought occur to me that I'd like #autocorrect in my passwords and that's not actually insane?
I use #passphrases everywhere and I think everyone should.
Sometimes however, I typo somewhere while typing the dozens of characters; requiring me to type the entire thing again.
However, words are the source of entropy in my passphrases, not their characters.
Therefore, correcting any word that is not on the word list to the closest word that is would not diminish entropy.
-
In this week's ADMIN Update newsletter, Mark Heitbrink offers recommendations for team-capable password management
https://www.admin-magazine.com/Archive/2025/86/Passwords-passphrases-and-passkeys?utm_source=mam
#password #security #passphrases #passkeys #standards #guidelines -
In this week's ADMIN Update newsletter, Mark Heitbrink offers recommendations for team-capable password management
https://www.admin-magazine.com/Archive/2025/86/Passwords-passphrases-and-passkeys?utm_source=mam
#password #security #passphrases #passkeys #standards #guidelines -
In this week's ADMIN Update newsletter, Mark Heitbrink offers recommendations for team-capable password management
https://www.admin-magazine.com/Archive/2025/86/Passwords-passphrases-and-passkeys?utm_source=mam
#password #security #passphrases #passkeys #standards #guidelines -
In this week's ADMIN Update newsletter, Mark Heitbrink offers recommendations for team-capable password management
https://www.admin-magazine.com/Archive/2025/86/Passwords-passphrases-and-passkeys?utm_source=mam
#password #security #passphrases #passkeys #standards #guidelines -
In this week's ADMIN Update newsletter, Mark Heitbrink offers recommendations for team-capable password management
https://www.admin-magazine.com/Archive/2025/86/Passwords-passphrases-and-passkeys?utm_source=mam
#password #security #passphrases #passkeys #standards #guidelines -
It’s concerning how many people try to memorize #passwords like pX#7k!g and believe they’re safe.
That’s just way too few characters, and memorising is already almost impossible.
Instead of passwords, we should use #passphrases. They are easier to remember and, thanks to their greater length, significantly more secure – even if an attacker knows the list of words from which the phrase was constructed.
Passsatz can help with the creation. https://apps.apple.com/ch/app/passsatz/id6698877095
-
It’s concerning how many people try to memorize #passwords like pX#7k!g and believe they’re safe.
That’s just way too few characters, and memorising is already almost impossible.
Instead of passwords, we should use #passphrases. They are easier to remember and, thanks to their greater length, significantly more secure – even if an attacker knows the list of words from which the phrase was constructed.
Passsatz can help with the creation. https://apps.apple.com/ch/app/passsatz/id6698877095
-
It’s concerning how many people try to memorize #passwords like pX#7k!g and believe they’re safe.
That’s just way too few characters, and memorising is already almost impossible.
Instead of passwords, we should use #passphrases. They are easier to remember and, thanks to their greater length, significantly more secure – even if an attacker knows the list of words from which the phrase was constructed.
Passsatz can help with the creation. https://apps.apple.com/ch/app/passsatz/id6698877095
-
It’s concerning how many people try to memorize #passwords like pX#7k!g and believe they’re safe.
That’s just way too few characters, and memorising is already almost impossible.
Instead of passwords, we should use #passphrases. They are easier to remember and, thanks to their greater length, significantly more secure – even if an attacker knows the list of words from which the phrase was constructed.
Passsatz can help with the creation. https://apps.apple.com/ch/app/passsatz/id6698877095
-
It’s concerning how many people try to memorize #passwords like pX#7k!g and believe they’re safe.
That’s just way too few characters, and memorising is already almost impossible.
Instead of passwords, we should use #passphrases. They are easier to remember and, thanks to their greater length, significantly more secure – even if an attacker knows the list of words from which the phrase was constructed.
Passsatz can help with the creation. https://apps.apple.com/ch/app/passsatz/id6698877095
-
What is a password manager and are they safe?
It’s hard to remember every login and password we use in our day-to-day lives to protect everything from…
#NewsBeep #News #Business #arepasswordmanagerssafe #AU #Australia #databreach #DrSueletteDreyfus #freepasswordmanagers #GoharRind #howtokeeppasswordssafe #passphrases #passwordmanager #storingpasswords
https://www.newsbeep.com/au/12553/ -
I just published “Generating Passphrases Like correct horse battery staple” at
https://www.ii.com/passphrase-generators/ - please post suggestions for passphrase generators as a reply to this toot and I'll include them in my article!
#InfiniteInk #Privacy #Security #Tech #Passwords #Passphrases #CorrectHorseBatteryStaple
#Words #Writing #Byℵ #ByNM -
I just published “Generating Passphrases Like correct horse battery staple” at
https://www.ii.com/passphrase-generators/ - please post suggestions for passphrase generators as a reply to this toot and I'll include them in my article!
#InfiniteInk #Privacy #Security #Tech #Passwords #Passphrases #CorrectHorseBatteryStaple
#Words #Writing #Byℵ #ByNM -
I just published “Generating Passphrases Like correct horse battery staple” at
https://www.ii.com/passphrase-generators/ - please post suggestions for passphrase generators as a reply to this toot and I'll include them in my article!
#InfiniteInk #Privacy #Security #Tech #Passwords #Passphrases #CorrectHorseBatteryStaple
#Words #Writing #Byℵ #ByNM -
I just published “Generating Passphrases Like correct horse battery staple” at
https://www.ii.com/passphrase-generators/ - please post suggestions for passphrase generators as a reply to this toot and I'll include them in my article!
#InfiniteInk #Privacy #Security #Tech #Passwords #Passphrases #CorrectHorseBatteryStaple
#Words #Writing #Byℵ #ByNM -
I just published “Generating Passphrases Like correct horse battery staple” at
https://www.ii.com/passphrase-generators/ - please post suggestions for passphrase generators as a reply to this toot and I'll include them in my article!
#InfiniteInk #Privacy #Security #Tech #Passwords #Passphrases #CorrectHorseBatteryStaple
#Words #Writing #Byℵ #ByNM -
@gabe_sky
Great idea, thanks! Bookmarked.As chance would have it, I also built another useful thing, way back in 2015:
https://batterystaple.pw/ - generates secure #Passphrases entirely in your browser
Like you, I built it because I was not happy with the existing alternatives. Since then, I have been using it quite regularly, but I have no idea if anybody else uses it (nor a way to find out).
In any case, I will gladly continue to pay for the domain name!
-
@gabe_sky
Great idea, thanks! Bookmarked.As chance would have it, I also built another useful thing, way back in 2015:
https://batterystaple.pw/ - generates secure #Passphrases entirely in your browser
Like you, I built it because I was not happy with the existing alternatives. Since then, I have been using it quite regularly, but I have no idea if anybody else uses it (nor a way to find out).
In any case, I will gladly continue to pay for the domain name!
-
@gabe_sky
Great idea, thanks! Bookmarked.As chance would have it, I also built another useful thing, way back in 2015:
https://batterystaple.pw/ - generates secure #Passphrases entirely in your browser
Like you, I built it because I was not happy with the existing alternatives. Since then, I have been using it quite regularly, but I have no idea if anybody else uses it (nor a way to find out).
In any case, I will gladly continue to pay for the domain name!
-
@gabe_sky
Great idea, thanks! Bookmarked.As chance would have it, I also built another useful thing, way back in 2015:
https://batterystaple.pw/ - generates secure #Passphrases entirely in your browser
Like you, I built it because I was not happy with the existing alternatives. Since then, I have been using it quite regularly, but I have no idea if anybody else uses it (nor a way to find out).
In any case, I will gladly continue to pay for the domain name!
-
@gabe_sky
Great idea, thanks! Bookmarked.As chance would have it, I also built another useful thing, way back in 2015:
https://batterystaple.pw/ - generates secure #Passphrases entirely in your browser
Like you, I built it because I was not happy with the existing alternatives. Since then, I have been using it quite regularly, but I have no idea if anybody else uses it (nor a way to find out).
In any case, I will gladly continue to pay for the domain name!
-
Use strong, unique passphrases.
Passphrases are easier to remember and harder to crack.
#Passphrases #PasswordStrength #Authentication -
@evangreer @fightforthefuture.org @bsky.app @guardianproject @internetarchive @torproject @signalapp @session @simplex @freedomofpress @eff @privacysafe
🔐 #PrivacySafe Bot: Strong #passwords made simple.
Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & #passphrases — right in your browser, on your device, never stored on a server.
https://bitsontape.com/p/password-bot-security -
@evangreer @fightforthefuture.org @bsky.app @guardianproject @internetarchive @torproject @signalapp @session @simplex @freedomofpress @eff @privacysafe
🔐 #PrivacySafe Bot: Strong #passwords made simple.
Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & #passphrases — right in your browser, on your device, never stored on a server.
https://bitsontape.com/p/password-bot-security -
@evangreer @fightforthefuture.org @bsky.app @guardianproject @internetarchive @torproject @signalapp @session @simplex @freedomofpress @eff @privacysafe
🔐 #PrivacySafe Bot: Strong #passwords made simple.
Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & #passphrases — right in your browser, on your device, never stored on a server.
https://bitsontape.com/p/password-bot-security -
@evangreer @fightforthefuture.org @bsky.app @guardianproject @internetarchive @torproject @signalapp @session @simplex @freedomofpress @eff @privacysafe
🔐 #PrivacySafe Bot: Strong #passwords made simple.
Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & #passphrases — right in your browser, on your device, never stored on a server.
https://bitsontape.com/p/password-bot-security -
@evangreer @fightforthefuture.org @bsky.app @guardianproject @internetarchive @torproject @signalapp @session @simplex @freedomofpress @eff @privacysafe
🔐 #PrivacySafe Bot: Strong #passwords made simple.
Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & #passphrases — right in your browser, on your device, never stored on a server.
https://bitsontape.com/p/password-bot-security -
8,192 French #Diceware word list for use with computers.
-
8,192 French #Diceware word list for use with computers.
-
8,192 French #Diceware word list for use with computers.
-
8,192 French #Diceware word list for use with computers.
-
8,192 French #Diceware word list for use with computers.
-
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW polciy that enforces a minimum of 13-complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authnticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old password or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi.
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180-days. Tokens expire every 24-hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180-days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education. -
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW polciy that enforces a minimum of 13-complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authnticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old password or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi.
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180-days. Tokens expire every 24-hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180-days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education. -
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW polciy that enforces a minimum of 13-complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authnticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old password or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi.
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180-days. Tokens expire every 24-hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180-days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education. -
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW polciy that enforces a minimum of 13-complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authnticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old password or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi.
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180-days. Tokens expire every 24-hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180-days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education. -
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW polciy that enforces a minimum of 13-complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authnticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old password or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi.
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180-days. Tokens expire every 24-hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180-days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education. -
"The challenge in storing encrypted backup data is that strong encryption requires strong (or “high entropy”) cryptographic keys and passwords. Since most of us are terrible at selecting, let alone remembering strong passwords, this poses a challenging problem."
#MatthewGreen, 2020
This isn't as hard as people seem to think;
What's missing is education, including replacing "password" with "passphrase".