Better password practices:
- Use Linux. I’m only half-kidding. A Linux distro will have you typing your password in far more than you ever thought you should have to, giving you much more practice with password memorization.
- Chunk the passwords, like phone numbers. am!z - _hBg - kj47 - GEW is easier to memorize than am!z_hBgkj47GEW.
- Use a password manager.
- Use a password manager.
You forgot about people using auto login and their user added to the nopasswd group
Or learn your passwords like our ancestors did. If something strikes you as poetic use it as a long password. I still remember an XKCD with “Correct Horse Battery Staple”.
I don’t know where the entropy is at these days so I’m not sure exactly how many words are recommended at this point, but the issue with passphrases is that you have to treat each word like it’s one character. Instead of a lot of symbols, now you need a lot of words for a strong passphrase. It also has to be random assortments of words that make no sense, so passages out of any documents are not a good idea. That XKCD strip is definitely outdated because 4 words wasn’t enough even 10 years ago.
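Worked example, added here and not part of any comment in the thread: the "treat each word like one character" rule above means a passphrase drawn uniformly at random from a word list of N words carries log2(N) bits per word, exactly as a random character from a 94-symbol keyboard alphabet carries log2(94) ≈ 6.55 bits. The code below makes that comparison and shows how many words a list of a given size needs to reach a target strength. The 7776-word list size is the standard Diceware/EFF long-list size; the 2048-word list and 44-bit figure are the ones the XKCD strip used; the tiny embedded word list and the 77-bit and 128-bit targets are constructed assumptions for the demo, and the generator uses `secrets`, not `random`, because passphrases need a CSPRNG.

```python
import math
import secrets

# Constructed miniature word list so the demo runs offline.
# A real list (EFF long list) has 7776 words; never use a list this small.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "lantern", "pebble",
    "meadow", "copper", "violin", "glacier", "walnut", "harbor",
]

DICEWARE_LIST_SIZE = 7776      # 6^5 words, one five-dice roll per word
XKCD_LIST_SIZE = 2048          # the strip assumed ~11 bits per word
PRINTABLE_ASCII = 94           # keyboard-typeable symbols, no space


def bits_per_symbol(symbol_space: int) -> float:
    """Entropy of one uniformly random pick from a space of this size."""
    if symbol_space < 2:
        raise ValueError("symbol space must have at least two choices")
    return math.log2(symbol_space)


def passphrase_entropy_bits(word_count: int, list_size: int) -> float:
    """Strength of a passphrase whose words are chosen uniformly at random.

    Each word contributes log2(list_size) bits regardless of its length,
    which is why a word is 'one character' for strength purposes.
    """
    return word_count * bits_per_symbol(list_size)


def password_entropy_bits(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Strength of a random character password over the given alphabet."""
    return length * bits_per_symbol(alphabet_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words that meets the target strength."""
    return math.ceil(target_bits / bits_per_symbol(list_size))


def generate_passphrase(word_count: int, wordlist=SAMPLE_WORDS, sep: str = "-") -> str:
    """Pick words with a CSPRNG; picking by 'what sounds poetic' has far
    less entropy than this calculation assumes, because an attacker can
    enumerate quotations and song lyrics."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    print("XKCD, 4 words from 2048:", passphrase_entropy_bits(4, XKCD_LIST_SIZE), "bits")
    print("Diceware, 4 words from 7776:", round(passphrase_entropy_bits(4, DICEWARE_LIST_SIZE), 1), "bits")
    print("15 random ASCII chars:", round(password_entropy_bits(15), 1), "bits")
    for target in (77, 128):
        print(f"words needed for {target} bits:", words_needed(target, DICEWARE_LIST_SIZE))
    print("sample (from toy list, NOT for real use):", generate_passphrase(6))
```

The numbers make the commenter's point: four words from the XKCD-sized list is 44 bits, and even from a Diceware list only about 52 bits, while six Diceware words (about 77.5 bits) is roughly what fifteen fully random printable characters give you. Reaching 128 bits takes ten random words. None of this holds if the words are a remembered quotation rather than random picks.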
deleted by creator
I’ve long been of the opinion that passwords on their own aren’t fit for purpose.
2FA has to be the way, surely? Most people are going to be a lot more careful with their phone than with a post-it note.
2FA generally still requires a password though… It’s just adding a second thing for OP’s manager to bitch about.
It does, but it’s still better than knowing your customer database is just “qwerty123!” away from being accessed by anybody who guesses it, or gets it from a basic phishing email.
I just made my password “ILikeSuckingDonaldTrumpsPenis” so that even if you know it, you would have to type it in and now all the metrics about you sent to Big Tech directly through your keyboard will say you like sucking Donald Trump’s penis. 😌