More than to protect a real password, this is done (in my experience) to prevent a bunch of unoriginal drones make that THEIR password, because they think is funny, which only means the string gets added to a “passwords to attempt” text list on some hacking website …
Decreasing security all together
Case in point: Hunter2, correcthorsebatterystaple, solarwinds123 and Pa$$w0rd1
I mean, the philosophy behind correcthorsebatterystaple is good. I used that method for master passwords to password managers and it really does work well to help you remember a long complex password that can’t be guessed easily.
But some people might have been missing the point of that xkcd using correcthorsebatterystaple itself.
It’s okay. The thing is when running an attack are you going to permutate through every combination of characters, or are you going to use words from a dictionary first? correcthorsebatterystaple (not a dictionary word) is better than antidisestablishmentarianism (a dictionary word) but in a realistic attack concatenating dictionary words is going to be the next step.
More than to protect a real password, this is done (in my experience) to prevent a bunch of unoriginal drones make that THEIR password, because they think is funny, which only means the string gets added to a “passwords to attempt” text list on some hacking website …
Decreasing security all together
Case in point: Hunter2, correcthorsebatterystaple, solarwinds123 and Pa$$w0rd1
I mean, the philosophy behind correcthorsebatterystaple is good. I used that method for master passwords to password managers and it really does work well to help you remember a long complex password that can’t be guessed easily.
But some people might have been missing the point of that xkcd using correcthorsebatterystaple itself.
It’s okay. The thing is when running an attack are you going to permutate through every combination of characters, or are you going to use words from a dictionary first? correcthorsebatterystaple (not a dictionary word) is better than antidisestablishmentarianism (a dictionary word) but in a realistic attack concatenating dictionary words is going to be the next step.
Because of the number of potential words in the dictionary, it’s still fairly secure. I would recommend 5 or 6 words though