Silkie Carlo posted this image on Twitter as useful for a “how to make a password” discussion:
You only have two (2) options to avoid password embarrassment:
- Never get hacked. (the worst strategy)
- Use strong passwords along with a routine of changing them.
If you need advice on what makes a strong password, see the FAQ for cryptsetup.
If your own cybersecurity isn’t enough of a motivation for using strong passwords, do you want your name, along with a weak password, to come up for years in discussions of weak passwords?
It is a form of fame but I would prefer to avoid the honor.
You?
PS: Embarrassment is perhaps the only known downside to having a weak password, for a user. “Privileged users” had weak passwords at OPM. Ditto for Sony. Now at Hacking Team. Have I missed reports of punitive dismissals?
The theory seems to be that everyone is stupid and therefore individuals should not be penalized for being stupid in particular instances. It may be true that everyone is stupid about some things, but the parameters for strong passwords are known. Stupidity should not be tolerated for problems with known solutions.