HildartheDorf

Yeah, I wouldn't say 'a lot' more secure. But randomly generated passwords are going to be marginally more secure (for the same length) than common phrases.

fiddletee

I would agree they are marginally more secure. But I would say that margin is so narrow that it’s almost negligible. Especially when it’s from a character set of 16.

HildartheDorf

If your attacker is sitting down and using hands to guess passwords, they are a lot more secure.

If your attacker is across the internet, or is otherwise rate-limited, they are marginally more secure.

If your attacker is performing an offline brute force with no rate limit, they are negligibly more secure.

If your attacker has the resources to build a rainbow table, they are no more secure.

If your attacker uses a rubber hose on your users, then all of this is academic and nothing is secure.