RE: A brief rant on password security [Edit: Not so brief after all]

in #security, 8 years ago (edited)

Having used pwSafe for many years, I recently switched to Dashlane. I find it to be a sound replacement for pwSafe, and it does let you put in memorable and long passwords - just need the little extras as you mentioned.
I would recommend Dashlane to most people.
Thanks for the good article.

The trouble with Dashlane is that they are implementing a policy which (1) makes passwords harder to remember, which is insecure, and (2) promotes a password security anti-pattern, namely, that adding more character types for the sake of adding more character types makes your password more secure. It doesn't; both in theory and in practice, it makes the password strictly less secure.

It's theoretically less secure because by bounding out possible passwords, you guarantee to attackers that they don't have to try guessing several entire classes of password.

It's practically less secure because it funnels the vast majority of people into just a few different common password formats which check all the boxes, and are easy to remember, but also happen to be easy to guess.
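
The keyspace point in the reply above can be quantified when evaluating a composition policy. The following is an added example, not part of the thread or of Dashlane's code; the class sizes (95 printable ASCII characters) and the "at least one of each class" rule are assumptions made for illustration.

```python
from itertools import combinations, product
from math import log2

# Assumed class sizes for printable ASCII; "symbol" counts the space character.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

def total_space(length, classes=CLASSES):
    """Number of strings of this length when no composition rule applies."""
    return sum(classes.values()) ** length

def compliant_space(length, required, classes=CLASSES):
    """Strings containing at least one character from every class in
    `required`, counted exactly by inclusion-exclusion over missing classes."""
    alphabet = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = alphabet - sum(classes[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count

def excluded_fraction(length, required, classes=CLASSES):
    """Share of the unrestricted keyspace that the rule forbids."""
    return 1 - compliant_space(length, required, classes) / total_space(length, classes)

def brute_force_compliant(length, required, classes):
    """Exhaustive count, usable only on toy alphabets, to cross-check the formula."""
    symbols = [(name, i) for name, size in classes.items() for i in range(size)]
    need = set(required)
    return sum(1 for pw in product(symbols, repeat=length)
               if need <= {name for name, _ in pw})

if __name__ == "__main__":
    rule = list(CLASSES)
    for n in (8, 12, 16):
        frac = excluded_fraction(n, rule)
        lost = log2(total_space(n)) - log2(compliant_space(n, rule))
        print(f"length {n}: {frac:.1%} of candidates ruled out, {lost:.2f} bits lost")
```

This counts only the theoretical reduction; the practical effect described in the last paragraph (users converging on a few compliant formats) depends on human behaviour and is not captured by the calculation.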