Remember, security against cracking is a combination of <i>password strength</i> and <i>key derivation function strength</i>. Nothing will save you if your password is "password". Not much will save you if your password is hashed with MD5.<p>But scrypt can be over 100,000,000 times stronger than MD5 -- so if you're using scrypt you can afford to use a password which is 100,000,000 times weaker. "jdtwbv" hashed using scrypt is stronger than "H.*W8Jz&r3" hashed using MD5.
> "This is an answer to the batteryhorsestaple thing."<p>Steube misunderstands the xkcd comic [1]. There's a really good comment which explains it: "It could be argued that Randall's example of 4 words is too short -- and indeed, for some applications, it is. However for a typical dictionary size, and genuinely random selection, it is massively stronger than "typical" passwords and in fact easily adequate to defeat the above-mentioned attacks." [2]<p>Emphasis on "genuinely random selection."<p>[1] <a href="https://xkcd.com/936/" rel="nofollow">https://xkcd.com/936/</a><p>[2] <a href="http://www.schneier.com/blog/archives/2013/06/a_really_good_a.html#c1483848" rel="nofollow">http://www.schneier.com/blog/archives/2013/06/a_really_good_...</a>
'<i>Also included in the list: "all of the lights" (yes, spaces are allowed on many sites), "i hate hackers," "allineedislove," "ilovemySister31," "iloveyousomuch," "Philippians4:13," "Philippians4:6-7," and "qeadzcwrsfxv1331." "gonefishing1125" was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, "You won't ever find it using brute force."</i>'<p>If you won't ever find "gonefishing1125" using brute force, how on earth did they find "qeadzcwrstxv1331"?
Passwords are broken and I really wish we would all move away from them. Persona is a nice idea with regard to privacy and control, but it's still a password that you need to remember, which can be cracked. Also, people generally don't use strong passwords.<p>What irks me is that every OS in use today has support for strong cryptography and browser vendors could easily integrate that. We would no longer register for a website, we would simply upload our "Online Identity" or whatever we called it. This of course is just an id_rsa.pub with maybe name and email in the comment. The remote site stores the public key and the browser authenticates using the private key, stored securely in the keychain.<p>This has the potential to be invisible to users, and thus used by default, and highly secure since the local keychain can generate incredibly strong keys, all behind the scenes.
I like schemes that have an explicit input of n random bits (or where you can at least have a good estimate of the entropy). With the Schneier Scheme I cannot be sure of the actual entropy of my password. Maybe my brain only generates a relatively small set of sentences which can be reverse-engineered from my comments on HN? :-)<p>A good algorithm would take n bits and map them uniquely to a set of strings that are easy to remember for a human. The apg utility does something like that.
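An added example, not part of the comment above and not apg's algorithm: one way to map n random bits one-to-one onto a pronounceable string, so the entropy is known by construction rather than estimated. The consonant/vowel alphabet and the function names `encode`, `decode` and `generate` are assumptions made for this example.

```python
import math
import secrets

# Constructed alphabet (an assumption of this example): 16 consonants x 4 vowels
# gives 64 syllables, so each consonant-vowel syllable carries exactly 6 bits.
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aiou"
BITS_PER_SYLLABLE = 6


def encode(value: int, nbits: int, group: int = 3) -> str:
    """Map an nbits-wide integer to hyphen-separated pronounceable groups."""
    if nbits <= 0 or not 0 <= value < (1 << nbits):
        raise ValueError("value does not fit in nbits")
    count = math.ceil(nbits / BITS_PER_SYLLABLE)
    syllables = []
    for i in reversed(range(count)):  # most significant syllable first
        chunk = (value >> (i * BITS_PER_SYLLABLE)) & 0x3F
        syllables.append(CONSONANTS[chunk >> 2] + VOWELS[chunk & 0x3])
    words = ["".join(syllables[i:i + group]) for i in range(0, count, group)]
    return "-".join(words)


def decode(phrase: str) -> int:
    """Inverse of encode(); rejects anything outside the alphabet."""
    text = phrase.replace("-", "")
    if len(text) % 2:
        raise ValueError("truncated syllable")
    value = 0
    for i in range(0, len(text), 2):
        c, v = CONSONANTS.find(text[i]), VOWELS.find(text[i + 1])
        if c < 0 or v < 0:
            raise ValueError(f"invalid syllable {text[i:i + 2]!r}")
        value = (value << BITS_PER_SYLLABLE) | (c << 2) | v
    return value


def generate(nbits: int) -> str:
    """Draw nbits from the OS CSPRNG; the result has exactly nbits of entropy."""
    return encode(secrets.randbits(nbits), nbits)


if __name__ == "__main__":
    print(generate(48))  # three groups, e.g. of the shape "xxxxxx-xxxxxx-xxxx"
```

Because the mapping is a bijection for a fixed n, the string is exactly as hard to guess as the n bits that produced it, provided those bits come from a CSPRNG and not from the user.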
Why not force the user to have strong login credentials?<p>I'm creating an online system that will store users' sensitive financial data. When setting up an account, the user will have to choose a password as normal, but will also be given a passphrase of the form "correct horse battery staple" that <i>they must write down</i>. To log in, the user will need to enter (a) username; (b) password; and (c) passphrase.<p>It is effectively a poor man's two-factor authentication - the second factor being the piece of paper containing the passphrase. I think it strikes a good balance between security, convenience and cost.<p>What do others think of this approach?
People seem to forget this important fact - that hashes get leaked. Without a hash corresponding to a user account it's quite hard to break into a given account with a moderately reasonable password, even if the hash can be 'broken' in milliseconds.
One benefit of being an Indian language speaker (or a speaker of another language not in the hackers' dictionary) is that we can easily choose reasonably secure passwords that are memorable by simply using native-language phrases (combined with numbers and mixed caps).