So I found this comic while reading about bitcoin privacy. I never thought about it this way.
I guess it makes sense that you don't really need complicated password, hard to remember, just put it in a phrase which computer will take ages to solve even though its easy to remember for you in particular.
But couldn't this make it easier for people to know you to break to your passwords? Still I guess it would be pretty difficult.
This unironically made me think. What are your thoughts, /tech/?
ugh, I'll start with something that makes sense first and then move to harder passwords later. Really need to do a cleanup in my PC files and stuff first...
>make it easier to break your passwords
A few considerations:
You are supposed to use random dictionary words, not a phrase you make up yourself.
The "Entropy" mentioned is a measure of pure randomness, so even if someone knows you used this method you can be sure of your safety if the entropy was high enough.
Personally I think this comic is a great advance in security for normies, but if you care about this sort of stuff you must to combine it with opsec.
The first principle is to know your adversary, which in practice means you choose an adversary to defend against.
For example: Your bank account might attract professional crackers with scripts for dictionary attacks and fuzzing, but they don't know you personally so a nonrandom passphrase may well protect against them. Your friends and family may know about your interests, but you might bet on them not having the expertise to build a dictonary and run scripts. If a bank employee or the state by extention wants access, your password aint gonna do shit. So even though your bank account is a high-profile target a nonrandom passphrase is surprisingly secure.
This does make assumptions about your situation. If all your personal information is available online it's possible to build a dictionary to solve your passphrase. Don't put personal information online. Personally I have some close friends who have the expertise to build a dictonary e.g. from all the emails I sent them, so I have to be more careful in selecting the passphrase, that's what random words are for.
The second principle is to know who has access. E.g. Who has access to your desk and does this provide a path for information to leak to the adversaries you chose? If not you can leave all the sensitive stuff right there on your desk.
Things like *not writing down passwords* is literally just to keep normies from leaving things in the wrong places. I consider my wallet and keychain as secure storage: They are not wont to leave my side/sight for long, so those are places I can safely keep written-down passwords. I do have to plan for losing my wallet/keychain and what kind of people may get their hands on it, my banking password isn't in there for example.
You can also think about how much risk you are willing to take. How long does it take before you notice an attack? How much is the adversary going to spend on you? Anyone willing to spend a week's worth of computing just on one of my passwords can have it; Well, most of them.
TLDR: passphrases are fine for your bitcoin wallet iff you don't have facebook.