One of our developers was researching best recommendations on password requirements for a new project. The discussion naturally led us back to the classic Password Strength comic from XKCD.
The comic includes the (good) advice to use memorable-but-nonsensical passphrases rather than passwords, with the delightful example: correct horse battery staple.
This developer ended up reading some password guidance from the Canadian government. We were delighted to discover that the Canadian government’s own official password guidance includes the XKCD example verbatim, including a Canadian bilingual twist:
“Passphrases are easier to remember and can be as secure as shorter, more complex passwords.
- Choose 4 or 5 randomly selected words (for example, correct horse battery staple).
- Include words from another language (for example, correct cheval battery staple).”
They also had this great follow-up advice: “Don’t use any of the password examples given above.”
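The quoted guidance can be turned into a small generator and checker. This is an added example, not code from the guidance or from the original post; the word lists are constructed and far too small for real use, and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample lists for illustration only. A real deployment would load
# a large published word list (thousands of entries) for each language.
ENGLISH = ["correct", "horse", "battery", "staple", "window", "river",
           "candle", "maple", "tunnel", "pepper", "anchor", "orbit"]
FRENCH = ["cheval", "nuage", "jardin", "lune", "pomme", "bateau",
          "livre", "soleil"]

# The examples quoted in the guidance, which it says must not be used.
PUBLISHED_EXAMPLES = {
    "correct horse battery staple",
    "correct cheval battery staple",
}


def entropy_bits(pool_size, n_words):
    """Entropy of n_words drawn uniformly, with replacement, from the pool."""
    return n_words * math.log2(pool_size)


def generate_passphrase(n_words=4, pools=(ENGLISH, FRENCH)):
    """Return (passphrase, entropy estimate in bits) using the OS CSPRNG."""
    if n_words < 4:
        raise ValueError("use at least 4 words")
    # Merging the languages enlarges the pool, which is where the extra
    # strength of "words from another language" comes from.
    pool = sorted(set().union(*pools))
    while True:
        phrase = " ".join(secrets.choice(pool) for _ in range(n_words))
        if phrase not in PUBLISHED_EXAMPLES:  # never hand out a known example
            return phrase, entropy_bits(len(pool), n_words)


def is_acceptable(candidate):
    """Reject user-chosen passphrases that are too short or are published examples."""
    normalized = " ".join(candidate.lower().split())
    return len(normalized.split()) >= 4 and normalized not in PUBLISHED_EXAMPLES


if __name__ == "__main__":
    phrase, bits = generate_passphrase(5)
    print(f"{phrase}  (~{bits:.1f} bits with this toy pool)")
```

The entropy figure only holds when the words are picked by the random generator; a phrase a person picks by hand has less.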