this post was submitted on 20 Oct 2023
1526 points (98.9% liked)

Programmer Humor

32479 readers
413 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago (3 children)

More than to protect a real password, this is done (in my experience) to prevent a bunch of unoriginal drones make that THEIR password, because they think is funny, which only means the string gets added to a "passwords to attempt" text list on some hacking website ....

Decreasing security all together

Case in point: Hunter2, correcthorsebatterystaple, solarwinds123 and Pa$$w0rd1

[–] [email protected] 5 points 1 year ago (2 children)

I mean, the philosophy behind correcthorsebatterystaple is good. I used that method for master passwords to password managers and it really does work well to help you remember a long complex password that can't be guessed easily.

But some people might have been missing the point of that xkcd using correcthorsebatterystaple itself.

[–] [email protected] 7 points 1 year ago (1 children)

It's okay. The thing is when running an attack are you going to permutate through every combination of characters, or are you going to use words from a dictionary first? correcthorsebatterystaple (not a dictionary word) is better than antidisestablishmentarianism (a dictionary word) but in a realistic attack concatenating dictionary words is going to be the next step.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Because of the number of potential words in the dictionary, it's still fairly secure. I would recommend 5 or 6 words though