UNCOMMON (NON-GIBBERISH) BASE WORD
ORDER UNKNOWN
CAPS?
COMMON SUBSTITUTIONS
NUMERAL
PUNCTUATION
YOU CAN ADD A FEW MORE BITS TO ACCOUNT FOR THE FACT THAT THIS IS ONLY ONE OF A FEW COMMON FORMATS
~28 BITS OF ENTROPY
2²⁸ = 3 DAYS AT 1000 GUESSES PER SECOND
PLAUSIBLE ATTACK ON A WEAK REMOTE WEB SERVICE. YES, CRACKING A STOLEN HASH IS FASTER, BUT IT'S NOT WHAT THE AVERAGE USER SHOULD WORRY ABOUT
DIFFICULTY TO GUESS: EASY
WAS IT "TROMBONE"? NO, "TROUBADOR". AND ONE OF THE Os WAS A ZERO? AND THERE WAS SOME SYMBOL...
DIFFICULTY TO REMEMBER: HARD

correct horse battery staple
FOUR RANDOM COMMON WORDS
~44 BITS OF ENTROPY
2⁴⁴ = 550 YEARS AT 1000 GUESSES PER SECOND
THAT'S A BATTERY STAPLE
YOU'VE ALREADY MEMORIZED IT

THROUGH 20 YEARS OF EFFORT, WE'VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.
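
The entropy and guessing-time figures above, worked through in Python together with a random-word passphrase generator. This is an added example, not part of the original comic; the function names, the 16-word demo list, and the 2048-word list size (11 bits per word, which is what makes four words come to 44 bits) are assumptions.

```python
import math
import secrets

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def passphrase_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float = 1000) -> float:
    """Time to try every candidate; the average hit comes at half of this."""
    return 2 ** bits / guesses_per_second


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate(wordlist, target_bits: float = 44, sep: str = " ") -> str:
    """Build a passphrase with at least target_bits of entropy."""
    words = sorted(set(wordlist))  # duplicates would bias the draw
    if len(words) < 2:
        raise ValueError("need at least two distinct words")
    count = words_needed(len(words), target_bits)
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    return sep.join(secrets.choice(words) for _ in range(count))


# Constructed 16-word demo list (4 bits per word). Real use needs a large
# list; 2048 words (11 bits each) is the assumed size behind "~44 bits".
DEMO_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "forest", "garden",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]

if __name__ == "__main__":
    print(f"2^28: {seconds_to_exhaust(28) / SECONDS_PER_DAY:.1f} days")
    print(f"2^44: {seconds_to_exhaust(44) / SECONDS_PER_YEAR:.0f} years")
    print("4 words, 2048-word list:", passphrase_bits(2048, 4), "bits")
    print("words needed from demo list:", words_needed(len(DEMO_WORDS), 44))
    print("sample:", generate(DEMO_WORDS))
```

The bit count only holds when the words are drawn at random; a phrase a person picks themselves has far less entropy than the formula gives.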