@skye Randall Munroe did the math for #XKCD: "correct horse battery staple"
https://xkcd.com/936/
#PasswordStrength #CorrectHorseBatteryStaple
#CorrectHorseBatteryStaple
I just published “Generating Passphrases Like correct horse battery staple” at
https://www.ii.com/passphrase-generators/ - please post suggestions for passphrase generators as a reply to this toot and I'll include them in my article!
#InfiniteInk #Privacy #Security #Tech #Passwords #Passphrases #CorrectHorseBatteryStaple
#Words #Writing #Byℵ #ByNM
With all of this talk of dopey spreadsheet errors, there is strong temptation for that hacker to take over @keefeglise's account again. We must find some alternative completely non-#economics subject to counteract that with.
In the current emergency it might have to involve all four of Essex, jazz, lunch, and plants.
You saw the #EssexJazzLunchPlants hashtag here first, people.
And no, that is not a password.(-:
Sometimes, plain logic is not correct:
[As in #correcthorsebatterystaple from https://xkcd.com/936/]
@kevlin Weird rules like special characters aren't even useful. They just annoy people and make putting actual good passwords more annoying #CorrectHorseBatteryStaple
Done it again...
#CorrectHorseBatteryStaple
https://xkcd.com/2937/
Ich habe, zum Anlass des "Ändere dein Passwort"-Tages, einen zehn Jahre alten Artikel zum Thema Passwortsicherheit aus meinem Archiv gekramt und etwas überarbeitet neu veröffentlicht.
Ich hoffe, ich habe keinen Pferdeb̶a̶t̶t̶e̶r̶i̶e̶s̶t̶a̶p̶e̶l̶fuß dabei übersehen.
https://caspari.saarland/sicherer-umgang-mit-passwoertern
#ITSec #Sicherheit #Security #Passwort #CorrectHorseBatteryStaple
How does one advertise with roast pork coffee donuts anyway?
We've had over a decade of "correct horse battery staple", and there are people who *still* don't understand.
I saw one explainer on YouTube, done this year, where the poster completely missed the important point that the advantage was that humans could memorize random words more easily than random ASCII characters.
... and that the table doesn't get anywhere near the password length of "correcthorsebatterystaple" to show how long that would take.
Mind you, many people would guess it in 1 nowadays. (-:
#CorrectHorseBatteryStaple because I had to use a staple to correct my battery's polarity ±
@gozzy It's been tried a couple of times, but the debunking always turn out to be faulty. Bruce Schneier's attempt was taken to task at https://security.stackexchange.com/q/62832/6216 for example.
See the Explain #XKCD that I pointed and https://security.stackexchange.com/q/6095/6216 and https://crypto.stackexchange.com/q/62597/69022 for a lot more alternative ways of understanding this.
@gozzy It has been over a decade since that was published, and word has got all over the place, "normal folk" actually do know this stuff now.
@gozzy Not true. Easy to memorize passwords are better, as they contain more bits that need guessing _and_ are easier for humans.
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
You have remembered #correcthorsebatterystaple already. (-:
@glenn_wilhide Not the case, given that I was told about "correcthorsebatterystaple" years ago and that article repeats the advice. The Washington Post may not have kept up, but many of the rest of us have.
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
@dgar Do you realise that this post will trigger a #correcthorsebatterystaple response by some readers?
I admit, I still wonder why so many password fields accept only a limited (or extremely limited) sunset of available characters. This isn't the (19) 70s anymore.
… Apart from the whole #CorrectHorseBatteryStaple aspect (➙ https://xkcd.com/936/)
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst