Multi-word passphrases not all that secure, says Cambridge
Think that a passphrase of multiple, random dictionary words is as unguessable as long strings of gibberish, but easier to remember?
Research from the Computer Laboratory at the University of Cambridge suggests that this might not be so.
While passphrases using dictionary words may not be as vulnerable as individual passwords, they may still be cracked by dictionary attacks, the research found.
Security researcher Joseph Bonneau reports, in a recent paper (pdf) written with Ekaterina Shutova, that his team studied the problem by turning not to the theoretical space of choices but rather the real-life passphrases that people actually string together.
To find such a selection of passphrases, his team used data crawled from the now-defunct Amazon PayPhrase system, introduced last year for US users only.
Continued : http://nakedsecurity.sophos.com/2012/03/19/multi-word-passphrases/