In September 2000, Professor Ross Anderson and his associates published a paper titled “Memorability and Security of Passwords – Some Empirical Results.” Eight years later, there are still some useful lessons that can be learned. I find them useful when writing password policies and educating users.

“[...] users can’t remember strong passwords and that the passwords they can remember are easy to guess. [...] However [...] passwords based on mnemonic phrases are just as hard to crack as random passwords yet just as easy to remember as naive user selections. [...]”
