{"id":2834,"date":"2011-08-16T10:03:33","date_gmt":"2011-08-16T15:03:33","guid":{"rendered":"http:\/\/www.blackgate.net\/blog\/?p=2834"},"modified":"2011-08-16T10:03:33","modified_gmt":"2011-08-16T15:03:33","slug":"complex-passwords-are-not-more-secure","status":"publish","type":"post","link":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/","title":{"rendered":"&#8220;Complex&#8221; passwords are not more secure"},"content":{"rendered":"<p>I have been saying for years that passwords, as a concept, need to go away. As implemented, <a href=\"http:\/\/opsecblog.wordpress.com\/2011\/02\/17\/5-reasons-why-passwords-dont-work\/\">passwords don&#8217;t work<\/a>, and the ludicrous &#8220;complexity&#8221; requirements imposed my many companies are little more than a guarantee that the user will write their password down, which is one of the <a href=\"http:\/\/www.youtube.com\/watch?v=nURXXThUAhY\">easiest ways for a system to be compromised<\/a>.<\/p>\n<p>Here&#8217;s a cartoon from xkcd that illustrates why ridiculous password policies don&#8217;t even make sense from a security perspective.<\/p>\n<p><a href=\"http:\/\/imgs.xkcd.com\/comics\/password_strength.png\"><img decoding=\"async\" src=\"http:\/\/imgs.xkcd.com\/comics\/password_strength.png\" alt=\"password strength\" height=\"250\" \/><\/a><\/p>\n<p>The gist of it is this: long passwords (passphrases, actually) are more secure than short ones.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have been saying for years that passwords, as a concept, need to go away. As implemented, passwords don&#8217;t work, and the ludicrous &#8220;complexity&#8221; requirements imposed my many companies are little more than a guarantee that the user will write their password down, which is one of the easiest ways for a system to be [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[],"class_list":["post-2834","post","type-post","status-publish","format-standard","hentry","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&quot;Complex&quot; passwords are not more secure - Blackmoor Vituperative<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&quot;Complex&quot; passwords are not more secure - Blackmoor Vituperative\" \/>\n<meta property=\"og:description\" content=\"I have been saying for years that passwords, as a concept, need to go away. As implemented, passwords don&#8217;t work, and the ludicrous &#8220;complexity&#8221; requirements imposed my many companies are little more than a guarantee that the user will write their password down, which is one of the easiest ways for a system to be [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/\" \/>\n<meta property=\"og:site_name\" content=\"Blackmoor Vituperative\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/bblackmoor\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/bblackmoor\" \/>\n<meta property=\"article:published_time\" content=\"2011-08-16T15:03:33+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/imgs.xkcd.com\/comics\/password_strength.png\" \/>\n<meta name=\"author\" content=\"bblackmoor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/bblackmoor_\" \/>\n<meta name=\"twitter:site\" content=\"@bblackmoor_\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"bblackmoor\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/\"},\"author\":{\"name\":\"bblackmoor\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/#\\\/schema\\\/person\\\/bb04cdbf863652f366c64e81805d6c4f\"},\"headline\":\"&#8220;Complex&#8221; passwords are not more secure\",\"datePublished\":\"2011-08-16T15:03:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/\"},\"wordCount\":100,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/#\\\/schema\\\/person\\\/bb04cdbf863652f366c64e81805d6c4f\"},\"image\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/imgs.xkcd.com\\\/comics\\\/password_strength.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/\",\"url\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/\",\"name\":\"\\\"Complex\\\" passwords are not more secure - Blackmoor Vituperative\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/imgs.xkcd.com\\\/comics\\\/password_strength.png\",\"datePublished\":\"2011-08-16T15:03:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#primaryimage\",\"url\":\"http:\\\/\\\/imgs.xkcd.com\\\/comics\\\/password_strength.png\",\"contentUrl\":\"http:\\\/\\\/imgs.xkcd.com\\\/comics\\\/password_strength.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/complex-passwords-are-not-more-secure\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8220;Complex&#8221; passwords are not more secure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/\",\"name\":\"Blackmoor Vituperative\",\"description\":\"But in the end it&#039;s only a passing thing, this shadow; even darkness must pass.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/#\\\/schema\\\/person\\\/bb04cdbf863652f366c64e81805d6c4f\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/#\\\/schema\\\/person\\\/bb04cdbf863652f366c64e81805d6c4f\",\"name\":\"bblackmoor\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/bg_sigil_lg.png\",\"url\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/bg_sigil_lg.png\",\"contentUrl\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/bg_sigil_lg.png\",\"width\":900,\"height\":900,\"caption\":\"bblackmoor\"},\"logo\":{\"@id\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/bg_sigil_lg.png\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/bblackmoor\",\"https:\\\/\\\/www.instagram.com\\\/bsblackmoor\\\/\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/bblackmoor_\"],\"url\":\"https:\\\/\\\/www.blackgate.net\\\/blog\\\/author\\\/bblackmoor\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\"Complex\" passwords are not more secure - Blackmoor Vituperative","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/","og_locale":"en_US","og_type":"article","og_title":"\"Complex\" passwords are not more secure - Blackmoor Vituperative","og_description":"I have been saying for years that passwords, as a concept, need to go away. As implemented, passwords don&#8217;t work, and the ludicrous &#8220;complexity&#8221; requirements imposed my many companies are little more than a guarantee that the user will write their password down, which is one of the easiest ways for a system to be [&hellip;]","og_url":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/","og_site_name":"Blackmoor Vituperative","article_publisher":"https:\/\/www.facebook.com\/bblackmoor","article_author":"https:\/\/www.facebook.com\/bblackmoor","article_published_time":"2011-08-16T15:03:33+00:00","og_image":[{"url":"http:\/\/imgs.xkcd.com\/comics\/password_strength.png","type":"","width":"","height":""}],"author":"bblackmoor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/bblackmoor_","twitter_site":"@bblackmoor_","twitter_misc":{"Written by":"bblackmoor"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#article","isPartOf":{"@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/"},"author":{"name":"bblackmoor","@id":"https:\/\/www.blackgate.net\/blog\/#\/schema\/person\/bb04cdbf863652f366c64e81805d6c4f"},"headline":"&#8220;Complex&#8221; passwords are not more secure","datePublished":"2011-08-16T15:03:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/"},"wordCount":100,"commentCount":0,"publisher":{"@id":"https:\/\/www.blackgate.net\/blog\/#\/schema\/person\/bb04cdbf863652f366c64e81805d6c4f"},"image":{"@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#primaryimage"},"thumbnailUrl":"http:\/\/imgs.xkcd.com\/comics\/password_strength.png","articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/","url":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/","name":"\"Complex\" passwords are not more secure - Blackmoor Vituperative","isPartOf":{"@id":"https:\/\/www.blackgate.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#primaryimage"},"image":{"@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#primaryimage"},"thumbnailUrl":"http:\/\/imgs.xkcd.com\/comics\/password_strength.png","datePublished":"2011-08-16T15:03:33+00:00","breadcrumb":{"@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#primaryimage","url":"http:\/\/imgs.xkcd.com\/comics\/password_strength.png","contentUrl":"http:\/\/imgs.xkcd.com\/comics\/password_strength.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.blackgate.net\/blog\/complex-passwords-are-not-more-secure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.blackgate.net\/blog\/"},{"@type":"ListItem","position":2,"name":"&#8220;Complex&#8221; passwords are not more secure"}]},{"@type":"WebSite","@id":"https:\/\/www.blackgate.net\/blog\/#website","url":"https:\/\/www.blackgate.net\/blog\/","name":"Blackmoor Vituperative","description":"But in the end it&#039;s only a passing thing, this shadow; even darkness must pass.","publisher":{"@id":"https:\/\/www.blackgate.net\/blog\/#\/schema\/person\/bb04cdbf863652f366c64e81805d6c4f"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.blackgate.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.blackgate.net\/blog\/#\/schema\/person\/bb04cdbf863652f366c64e81805d6c4f","name":"bblackmoor","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.blackgate.net\/blog\/wp-content\/uploads\/2022\/06\/bg_sigil_lg.png","url":"https:\/\/www.blackgate.net\/blog\/wp-content\/uploads\/2022\/06\/bg_sigil_lg.png","contentUrl":"https:\/\/www.blackgate.net\/blog\/wp-content\/uploads\/2022\/06\/bg_sigil_lg.png","width":900,"height":900,"caption":"bblackmoor"},"logo":{"@id":"https:\/\/www.blackgate.net\/blog\/wp-content\/uploads\/2022\/06\/bg_sigil_lg.png"},"sameAs":["https:\/\/www.facebook.com\/bblackmoor","https:\/\/www.instagram.com\/bsblackmoor\/","https:\/\/x.com\/https:\/\/twitter.com\/bblackmoor_"],"url":"https:\/\/www.blackgate.net\/blog\/author\/bblackmoor\/"}]}},"_links":{"self":[{"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/posts\/2834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/comments?post=2834"}],"version-history":[{"count":1,"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/posts\/2834\/revisions"}],"predecessor-version":[{"id":2835,"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/posts\/2834\/revisions\/2835"}],"wp:attachment":[{"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/media?parent=2834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/categories?post=2834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.blackgate.net\/blog\/wp-json\/wp\/v2\/tags?post=2834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}