I preformed a small experiment using random passwords and passphrases generated by Bitwarden, a popular password manager. My objective was to analyze their entropy and security.

What "AI" thinks entropy looks like.

Through the experiment, I discovered that passwords comprising 28–30 random letters/symbols and passphrases consisting of 6–7 lowercase English words generally exhibited similar levels of entropy. However, passphrases demonstrated varying entropy due to the presence of both weaker and stronger words. In contrast, passwords displayed a more consistent entropy profile.

Based on this finding, I concluded that passwords are well-suited for accounts where password resets are feasible, allowing for regular updates to enhance security. On the other hand, passphrases excel in “zero knowledge” scenarios, such as login information for password managers like Bitwarden, where direct access to login info is unavailable. The same applies to crypto currency seed phrases, which cannot be retrieved by any central party.

Furthermore, passphrases offer the added benefit of ease of copying when written down. Despite a prevailing bias towards random passwords, passphrases are equally effective at safeguarding digital assets, despite their human-readable nature.

I hope this short post sheds light on the nuanced differences between passwords and passphrases, helping people make informed decisions about the level of security required for different accounts and circumstances.

Links 🔗:

https://www.rumkin.com/tools/password/ How strong is your entropy? 🔐

https://www.craiyon.com I generated image using prompt; “insights from entropy”.

Thanks for Reading!!