Klaus Zimmermann's Corner

It really amuses me how some seemingly simple things can spur an enourmous amount of arguments. Take password strength, for instance.

When Randall Munroe posted this famous comic about how correct horse battery staple can be a much stronger password than your l33t_h4xoR666-style passwords, an entire new category of discussions arose, dragging in even people like Bruce Schneier in the mix.

xkcd's "Correct Horse Battery Staple"

The simpler something is, the better it is to use, adapt, and study, and a password policy is no different. People suck at generating random values; let the computer do this for you. And if you need one master password to manage these for you, use Diceware.

What do you use to manage your passwords?