Re: [Full-disclosure] guidelines for good password policy and maintenance / user centric identity with single passwords (or a small number at most over time)

On 3/26/06, J. Theriault <administrator@maginetworks.com> wrote:

... Why not just encourage your users to use a "passphrase" instead of a "password", such as using a (with proper grammar) book/movie quote or phrase?

excessive typing == unnecessary leaked information and longer auth process (acoustic, profiling, easier pattern discovery, etc.) i don't have a problem supporting a passphrase mode (>16 chars? >32?) but i'd rather not make it the default. (and the default is and must be the most secure and usable path for this to be trustworthy and widely usable)