2. Security
● Password security = difficulty to guess
● More possible passwords = harder to guess
● Longer and more complex passwords = better passwords
5. Traditional Benefits
● High per-character entropy
– Permits small passwords that are still secure
● Good in situations where password length is limited
6. Traditional Harms
● Hard to remember
● Bad User Habits
– Post-its
– Forms of sharing (e.g. email)
● Low overall entropy
9. Note on Worst-Case Phrase
● Entropy against a dictionary attack depends on the word set the phrase is picked from (assuming the hacker knows/uses this dictionary with no additional words)
● Larger word set = more secure
● 2200 formal noun generators exist
● 7776 common word algorithm exists
– $\log_2(7776^6) = 77.55$
15. Entropy Recommendations
● Recent paper suggests entropy of at least ~75 for vital info
● This means >12 random characters or six random words from a 7776-word dictionary (7 words from a 2048-word dictionary)
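The recommendation above, worked through as an added example (not part of the original slides): it computes how many uniformly random symbols reach a target entropy and draws them with a CSPRNG. The 62-symbol alphanumeric alphabet, the names `min_symbols` and `generate`, and the dice-key stand-in for a 7776-entry word list are assumptions made for this example.

```python
import itertools
import math
import secrets
import string


def min_symbols(pool_size: int, target_bits: float) -> int:
    """Smallest number of uniformly random symbols reaching target_bits."""
    if pool_size < 2:
        raise ValueError("pool must contain at least two distinct symbols")
    return math.ceil(target_bits / math.log2(pool_size))


def generate(pool, target_bits: float = 75.0, sep: str = " "):
    """Draw symbols uniformly with a CSPRNG; return (secret, entropy_bits).

    The entropy figure describes the generation process, not the resulting
    string, and assumes the attacker knows the pool (the worst case above).
    """
    # Duplicates would bias the draw and overstate the pool size, so the
    # calculation and the selection both use the de-duplicated pool.
    unique = sorted(set(pool))
    count = min_symbols(len(unique), target_bits)
    picks = [secrets.choice(unique) for _ in range(count)]
    return sep.join(picks), count * math.log2(len(unique))


# Constructed stand-in for a 7776-entry word list: the 6^5 five-dice keys.
# Substitute a real word list of the same size for memorable passphrases.
DICE_KEYS = ["".join(roll) for roll in itertools.product("123456", repeat=5)]

# Assumed character alphabet: upper, lower, digits (62 symbols).
ALNUM = string.ascii_letters + string.digits

if __name__ == "__main__":
    for label, size in [("7776-word list", 7776), ("2048-word list", 2048),
                        ("62-char alphabet", 62), ("95-char alphabet", 95)]:
        n = min_symbols(size, 75)
        print(f"{label}: {n} symbols = {n * math.log2(size):.2f} bits")
    phrase, bits = generate(DICE_KEYS)
    print(f"passphrase keys: {phrase} ({bits:.2f} bits)")
    password, bits = generate(ALNUM, sep="")
    print(f"password: {password} ({bits:.2f} bits)")
```

With the 62-symbol alphabet the 75-bit target needs 13 characters, matching ">12"; with all 95 printable ASCII characters 12 are enough.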