One feature of good password schemes is that you have some way to recover lost passwords.
Let’s say I chose as my password: “Tithptacsp,aiwwitcwwcaelp”. That password has plenty of entropy if you just look at it.
Then I might write down in some note “Entropy isn’t sufficient to measure − 3-1”. This allows me to go back to this post to look up the third paragraph and take the first sentence of it. Then I find the sentence “This is typically how people think about choosing strong passwords, and it works well in the case where we’re choosing among equally likely passwords” and can reconstruct “Tithptacsp,aiwwitcwwcaelp”. Sentences are also generally good mnemonics.
If someone knew, however, that I’m using LessWrong as my source for passwords this way, that would allow them to just go through all sentences on LessWrong posts, which radically reduces the entropy.
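The scheme in the comment above, as an added example (not the commenter's code): it recovers the password from the note's "3-1" pointer and compares the entropy the string appears to have with what remains once the source is known. The post text other than the quoted sentence, the 53-symbol alphabet and the corpus size are constructed assumptions.

```python
import math
import re

# Constructed stand-in for the post: only paragraph 3, sentence 1 is quoted on the page.
POST = [
    "Constructed filler paragraph one. It has two sentences.",
    "Constructed filler paragraph two.",
    "This is typically how people think about choosing strong passwords, and it "
    "works well in the case where we're choosing among equally likely passwords. "
    "Constructed trailing sentence.",
]

def sentences(paragraph):
    """Split a paragraph into sentences at ., ! or ? followed by whitespace."""
    return [s for s in re.split(r"(?<=[.!?])\s+", paragraph.strip()) if s]

def first_letters(sentence):
    """First character of each word; a comma that follows a word is kept."""
    out = []
    for word in sentence.rstrip(".!?").split():
        out.append(word[0] + ("," if word.endswith(",") else ""))
    return "".join(out)

def recover(post, pointer):
    """pointer is 'paragraph-sentence', 1-indexed, as in the note '3-1'."""
    para, sent = (int(x) for x in pointer.split("-"))
    return first_letters(sentences(post[para - 1])[sent - 1])

def apparent_bits(password, alphabet=53):
    # Assumption: each character drawn uniformly from 52 letters plus the comma.
    return len(password) * math.log2(alphabet)

def effective_bits(candidate_sentences):
    # Known source: the password is one of N sentences, taken as equally likely.
    return math.log2(candidate_sentences)

if __name__ == "__main__":
    pw = recover(POST, "3-1")
    print(pw, round(apparent_bits(pw), 1), "bits if judged by its characters")
    # 10_000_000 is a constructed corpus size, not a count of LessWrong sentences.
    print(round(effective_bits(10_000_000), 1), "bits if the source is known")
```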