Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!news.stack.nl!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.008 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'subject:password': 0.05; 'context': 0.07; 'pypi': 0.07; 'subject: [': 0.09; 'subject:PyPI': 0.09; 'vast': 0.09; 'guess.': 0.16; 'length.': 0.16; 'optionally': 0.16; 'password,': 0.16; 'subject:Password': 0.16; 'subject:strategy': 0.16; 'wrote:': 0.18; 'subject:] ': 0.20; 'machine': 0.22; 'rules': 0.22; 'header:User-Agent:1': 0.23; 'finally,': 0.24; 'least': 0.26; 'header:In-Reply-To:1': 0.27; 'chris': 0.29; 'generally': 0.29; 'characters': 0.30; 'easier': 0.31; 'consisting': 0.31; 'noted': 0.31; 'common': 0.35; 'something': 0.35; 'but': 0.35; 'passwords': 0.36; 'thank': 0.38; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'easy': 0.60; "you're": 0.61; 'places': 0.64; '"most': 0.84; 'improvement': 0.84; 'television': 0.91; 'remember,': 0.93 Date: Tue, 26 Aug 2014 02:45:31 -0500 From: Andrew Berg User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: Subject: Password strategy [OT] was: PyPI password rules References: In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [2601:2:4780:2fd:3cfa:1b41:db29:34df] X-ClientProxiedBy: BN3PR0301CA0081.namprd03.prod.outlook.com (25.160.152.177) To CY1PR0301MB0844.namprd03.prod.outlook.com (25.160.163.150) X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;UriScan:; X-Forefront-PRVS: 03152A99FF X-Forefront-Antispam-Report: SFV:NSPM; SFS:(979002)(6009001)(51704005)(24454002)(189002)(199003)(21056001)(88552001)(75432001)(65956001)(87266999)(42186005)(85306004)(2351001)(83322001)(47776003)(80022001)(107886001)(80316001)(551544002)(229853001)(95666004)(77096002)(81342001)(90102001)(85852003)(46102001)(83506001)(107046002)(54356999)(76176999)(50986999)(106356001)(50466002)(4396001)(65806001)(86362001)(64126003)(76482001)(20776003)(89122001)(65816999)(105586002)(23676002)(64706001)(77982001)(101416001)(79102001)(83072002)(74502001)(81542001)(74662001)(92566001)(110136001)(59896002)(92726001)(33656002)(99396002)(87976001)(102836001)(31966008)(89472002)(3826002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:; SCL:1; SRVR:CY1PR0301MB0844; H:[IPv6:2601:2:4780:2fd:3cfa:1b41:db29:34df]; FPR:; MLV:ovr; PTR:InfoNoRecords; MX:1; A:0; LANG:en; Received-SPF: None (protection.outlook.com: my.HennepinTech.edu does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=aberg010@my.HennepinTech.edu; X-OriginatorOrg: my.hennepintech.edu X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 18 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1409039154 news.xs4all.nl 2838 [2001:888:2000:d::a6]:55785 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:77029 On 2014.08.26 01:16, Chris Angelico wrote: > A huge THANK YOU to whoever set the rules for PyPI passwords! You're > allowed to go with a monocase password, as long as it's at least 16 > characters in length. Finally, someone who recognizes XKCD 936 > passwords! > > And yes, I generated an XKCD 936 password for the job. My parrot is > good at that... uses a dictionary consisting of every word ever noted > by her, and can optionally trim it to "most common N words" for any > given value of N. While a vast improvement over the kinds of passwords many places would like to impose, xkcd 936 passwords can still be difficult to remember. I prefer phrases with context (and proper punctuation and capitalization if practical). Something with context is generally easy for a human to remember, but difficult for a machine to guess. "keyboard television barf machine" or "Yay for the download counter!" Which one is easier to remember and harder to guess?