http://emergentchaos.com/archives/2007/08/obscenities-in-passwords.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2007/08/obscenities-in-passwords.html/comment-page-1#comment-3854 David Brodbeck Thu, 09 Aug 2007 20:30:54 +0000 http://emergentchaos.com/?p=2452#comment-3854 I think this is a case of advice being parroted so many times that the original reason for it has been forgotten. Originally, the reason for telling people to include a digit or punctuation mark in their password (and other "password complexity" rules of this ilk) was to ensure they wouldn't use a simple dictionary word. The set of English words is much smaller than the set of random strings containing letters and numbers, and many an automated tool has broken into accounts by simple naive guessing of words from a dictionary. As you point out, though, this doesn't help at all if you're randomly generating the password to begin with. I think this is a case of advice being parroted so many times that the original reason for it has been forgotten. Originally, the reason for telling people to include a digit or punctuation mark in their password (and other “password complexity” rules of this ilk) was to ensure they wouldn’t use a simple dictionary word. The set of English words is much smaller than the set of random strings containing letters and numbers, and many an automated tool has broken into accounts by simple naive guessing of words from a dictionary. As you point out, though, this doesn’t help at all if you’re randomly generating the password to begin with.

]]>