How Secure Are Multi-Word Random Passphrases?

Talk Abstract: Passphrases in the style of XKCD 936 or Diceware have gained popularity, but are they secure enough and practical to use? They seem like a good compromise between security and memorability, but why did Bruce Schneier say using them is "no longer good advice"? This session investigates popular passphrase generation schemes and examines the characteristics that determine passphrase strength. We will also review whether the average person finds these passphrases easier to use than passwords, and whether they're practical to use in most cases.

More recently, in October 2016, I presented an updated version of this presentation for the ISSA Kansas City chapter. I recommend reviewing this content instead of the original presentation. You can find these slides here (PDF).

This page was created as a reference to my PasswordsCon 15/BSidesLV 2015 talk, "How Secure Are Multi-Word Random Passphrases?" Here is a link to my original presentation slides (PDF), and here is the video of the session:

