|
|
|
|
|
|
by owenjonesuk
4091 days ago
|
|
|
I discovered Diceware a few months ago when looking for a password generation scheme for my company. We were just letting people choose their own passwords before, which I don't think is a good idea. I really like it. My only annoyance, which isn't really the fault of Diceware, is that for lots of passwords I am required to have a capital letter, a digit and/or a special character. Obviously this is to try and increase the entropy in the password, but I know that I have enough entropy in my diceware password and I just want something easy to type. I also discovered the password strength estimator zxcvbn at about the same time. It's pretty clever. It works out which password generation schemes could be used to generate your password and then uses that information to calculate the entropy correctly (assuming the attacker would know what scheme you used). |
|
|
I think that if you implement Diceware at your company, people will still choose their own passwords. It's easier, and how would you prove they didn't?