XKCD does Information Security

XKCD hits one out of the park, yet again.

To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.

I’ve been pointing this principle out for years, but it seems like the people actually responsible for information security don’t seem to care, because they keep requiring people to use the “8-12 characters, at least 1 uppercase, 1 number or symbol” format like what’s shown in the first panel, rather than arbitrary-length passphrases that are so much more secure.

