Maybe there could be a section with good password examples.
Ziggy741 (talk | contribs) 21:08, 8 January 2017 (UTC)

Yeah, or maybe a section explaining how to make a good password.
Bigpuppy Logo.png bigpuppy talk | contribs 21:52, 8 January 2017 (UTC)
Maybe!
Ziggy741 (talk | contribs) 21:54, 8 January 2017 (UTC)
There, I added a section called "Ways to make a good password," however it needs updating.
Bigpuppy Logo.png bigpuppy talk | contribs 22:20, 8 January 2017 (UTC)

Should I add a section on how to change your password or will you (the creator) do it yourself?
Kenny2scratch (talk | contribs) 07:11, 26 January 2017 (UTC)

I personally don't think one is needed, because there is already How can I reset my password?.
Bigpuppy Logo.png bigpuppy talk | contribs 20:16, 5 February 2017 (UTC)

Merge

This shouldn't be merged because passwords aren't usernames.
Ziggy741 (talk | contribs) 02:15, 17 January 2017 (UTC)

Yeah, and so we don't get them confused, I think we should keep them separate.
Bigpuppy Logo.png bigpuppy talk | contribs 16:06, 17 January 2017 (UTC)
Okay.
Ziggy741 (talk | contribs) 16:18, 17 January 2017 (UTC)

"Good passwords"

The section explaining how to write a good password doesn't actually help to make effective passwords. It only serves to make people think their account is secure without actually adding much security while at the same time making the passwords much harder to remember.

The strength of a password can be measured by the number of possible passwords you can have of a given format (this is basically entropy in information theory).

Substitutions, for example, only multiply the number of possible combinations by 2x where x is the possible number of substitutions that could be made (for example, "microsoft" has four places where substitutions could be made to "m1cr0$0ft"). In that case, that would multiply the number of combinations by 24=16. While that may seem like a lot, let me give you two contrasting formats, one using techniques suggested in the article and one not:

Case 1: The article's suggestions Format: Use an uncommon word, perform substitutions, possibly capitalize the first letter, add two symbols at the end (numbers or common symbols). Here are the possible amount of combinations:

  • Word: 171,476 (the number of words in the Oxford English Dictionary)
  • Substitutions: 16 (assuming four possible substitutions in a word, which is a reasonable guess)
  • Capitalized?: 2 (the first letter is either capitalized or not, which gives two combinations)
  • Two symbols: 900 (this is assuming that 30 "symbols" are available, which is reasonably close to the amount a normal user would use, having 10 keys and about 20 other symbols)

The total number of combinations is 171,476*16*2*900=4.9*109

An example of this password would be Lux3mb0urg%7. That is difficult to remember.

Case 2: The easier way to remember Format: Four common English words

  • Word 1: 3,000 (according to the OED, 3,000 words account for 95% of all English usage)
  • Word 2: 3,000
  • Word 3: 3,000
  • Word 4: 3,000

The total number of combinations is 3,0004=8.1*1013.

An example of this password would be shoetrashwindowjacket. That password is much easier to remember.

The second format results in a password that is approximately 104 times stronger than the first, but at the same time is much easier to remember. We need to improve the article so that people stop making passwords that are hard to remember and easy for computers to guess simply based on the premise of making users think they're doing something for their security. The reason I'm posting this detailed explanation is that it's not intuitively obvious until you do the math, so I want to make sure everybody knows that I'm not making the guide less secure. Is everyone ok with improving the guide with this information?
jvvg (talk | contribs) 04:21, 21 February 2017 (UTC)

You certainly have a good point.
Turkey3 (talk | contribs) 16:12, 21 February 2017 (UTC)
Do you think that it would be okay to have numbers at the end?
Ziggy741 (talk | contribs) 16:25, 21 February 2017 (UTC)
Adding numbers at the password does help some (each digit you add multiplies the number of combinations by 10), but it's still harder to remember numbers than words, and each word you add at the end multiplies the number of combinations by 3,000, so adding a common word is equivalent to about 3 digits but much easier to remember.
jvvg (talk | contribs) 20:05, 21 February 2017 (UTC)
I put the inaccurate template on the section about making good passwords. So are we going to change the article?
Ziggy741 (talk | contribs) 15:59, 25 February 2017 (UTC)
I think we should change it but we need to find a simpler way to explain why the format I specified is good, as I don't think anybody wants to read through all of that, and it's not exactly obvious.
jvvg (talk | contribs) 21:55, 25 February 2017 (UTC)
This certainly is a good point. Go ahead and change it (though you really don't need my approval for that). I do understand what you mean... Change this article for the better! (Or, I can also change it myself if you want, of course.)
Kenny2scratch logo.jpg kenny2scratch  Talk  Contribs  Directory 
00:53, 1 June 2017 (UTC)