Password strategy [OT] was: PyPI password rules

Chris Angelico rosuav at gmail.com
Tue Aug 26 03:50:12 EDT 2014


On Tue, Aug 26, 2014 at 5:45 PM, Andrew Berg
<aberg010 at my.hennepintech.edu> wrote:
> On 2014.08.26 01:16, Chris Angelico wrote:
>> A huge THANK YOU to whoever set the rules for PyPI passwords! You're
>> allowed to go with a monocase password, as long as it's at least 16
>> characters in length. Finally, someone who recognizes XKCD 936
>> passwords!
>>
>> And yes, I generated an XKCD 936 password for the job. My parrot is
>> good at that... uses a dictionary consisting of every word ever noted
>> by her, and can optionally trim it to "most common N words" for any
>> given value of N.
> While a vast improvement over the kinds of passwords many places would like to
> impose, xkcd 936 passwords can still be difficult to remember. I prefer phrases
> with context (and proper punctuation and capitalization if practical).
> Something with context is generally easy for a human to remember, but difficult
> for a machine to guess.
>
> "keyboard television barf machine" or "Yay for the download counter!"
> Which one is easier to remember and harder to guess?

As long as your sentence will be hard to guess, it's going to fit the
requirements anyway. And by the look of it, PyPI will accept that
password too. (Tip: Do not actually use either of the above
passwords.) What I like doing is running my 936 generator until I see
something that creates a picture in my head. (It usually doesn't take
very many tries.) That's what makes the password memorable.

ChrisA
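The generator described in the message above could look like the following. This is an added example, not ChrisA's program: the word list is a constructed sample, all function names are assumptions, and the entropy figure assumes the attacker knows the word list and the number of words used.

```python
import math
import secrets

# Constructed sample word list (assumption); a real list would hold thousands
# of words ordered from most to least common.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "parrot", "keyboard", "window",
    "garden", "rocket", "cheese", "violin", "harbor", "tunnel", "meadow",
    "candle", "puzzle",
]

MIN_MONOCASE_LENGTH = 16  # the length rule quoted in the thread


def generate(words, count=4, top_n=None):
    """Pick `count` words uniformly at random from the `top_n` most common."""
    pool = words[:top_n] if top_n else words
    if len(set(pool)) != len(pool):
        raise ValueError("duplicate words would skew the entropy estimate")
    # secrets uses the OS CSPRNG; random.choice is not suitable for passwords.
    return " ".join(secrets.choice(pool) for _ in range(count))


def entropy_bits(pool_size, count, candidates=1):
    """Lower bound on guessing entropy when the attacker knows the word list.

    Picking a favourite out of `candidates` generated phrases costs at most
    log2(candidates) bits.
    """
    return count * math.log2(pool_size) - math.log2(candidates)


def acceptable(phrase, min_length=MIN_MONOCASE_LENGTH):
    """Length check only; it says nothing about how the phrase was chosen."""
    return len(phrase) >= min_length


if __name__ == "__main__":
    for _ in range(5):
        phrase = generate(SAMPLE_WORDS, count=4, top_n=16)
        print(phrase, acceptable(phrase))
    print("bits:", entropy_bits(16, 4, candidates=5))
```

Rerunning the generator until a phrase is memorable lowers the bound by at most log2 of the number of tries, so a handful of reruns costs only two or three bits.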


