Password Strength

Today's XKCD, "Password Strength"...

... has been a topic that has been on my mind for a while and I'm quite pleased to see it come up in a comic. Ever since I read this interesting article on The Usability of Passwords (it's an old story but it re-emerged or at least fell into my scope of reading in May this year) I'm finding myself using simple phrases more and more as they're more secure and easier to remember. I can't use phrases for every site and host I log into as far too many sites still seem to think complexity = security, but I do where I can.

I really hope this cartoon, and this research from this paper (PDF) by Philip Inglesant and M. Angela Sasse from University College London, (which concludes that we've trained our users to use passwords that computers can easily guess and humans can't possibly remember) will make sysadmins and website developers realise that dogmatic password policies around complexity are more likely to be detrimental to security than advantageous.