Jesper M. Johansson, Ph.D., ISSAP, CISSP is a Security Program Manager at Microsoft. The second part of his three-part article on the use of passwords vs. passphrases was recently published.

The Great Debates: Pass Phrases vs. Passwords

Part One** -** coveres the fundamentals of passwords and pass phrases, how they are stored, and so on
Part Two** -** discusses the relative strength of each type of password, and use some mathematical approaches for illustration

  • Part Three - offers some conclusions and guidance on how to choose passwords and configure a password policy

In this installment, he looks at three arguments for the use of pass-phrases:

Claim 1: Users Can Remember Pass Phrases
Claim 2: Longer is Stronger

  • Claim 3: Pass Phrases Can Have More Randomness

This is a great read, worth the time for anyone who works in the security field or in IT operations and security. I am looking forward to the third installment, as well. Jesper has a powerful way of cutting to the heart of the arguments and coming out the other end of the conversation with good facts in tow.