this post was submitted on 20 Oct 2023
1527 points (98.9% liked)
Programmer Humor
32448 readers
992 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
More than to protect a real password, this is done (in my experience) to prevent a bunch of unoriginal drones make that THEIR password, because they think is funny, which only means the string gets added to a "passwords to attempt" text list on some hacking website ....
Decreasing security all together
Case in point: Hunter2, correcthorsebatterystaple, solarwinds123 and Pa$$w0rd1
I mean, the philosophy behind correcthorsebatterystaple is good. I used that method for master passwords to password managers and it really does work well to help you remember a long complex password that can't be guessed easily.
But some people might have been missing the point of that xkcd using correcthorsebatterystaple itself.
It's okay. The thing is when running an attack are you going to permutate through every combination of characters, or are you going to use words from a dictionary first? correcthorsebatterystaple (not a dictionary word) is better than antidisestablishmentarianism (a dictionary word) but in a realistic attack concatenating dictionary words is going to be the next step.
Because of the number of potential words in the dictionary, it's still fairly secure. I would recommend 5 or 6 words though