Talk:Password strength#Wikipedia password limits


Inherence?

This article includes the word inherence. While this is an English word, I doubt that it has anything to do with the topic of this article. We no longer believe that substances are made up of four elements. David Spector (talk) 16:26, 27 May 2021 (UTC)

:I haven't followed this article but it's probably someone's broken English. The phrase "inherently insecure" occurs later in the article and that might have been what they were referring to. Perhaps the idea being that it would be inherently insecure if I used "Johnuniq" as my password? At any rate, the lead looks like it was written by passers-by; it needs a rewrite. Johnuniq (talk) 03:39, 28 May 2021 (UTC)

:I suspect that "inherence" on this page (and the referred-to authentication factors page) is used more in the context of "the quality, state, or fact of inhering", where inhering is "to be inherent". Merriam Webster claims the first usage in this context was 1577. i.e. Usage of the word is fine; it's a dictionary definition, not a Wikipedia defn. Nroister (talk) 03:33, 2 August 2023 (UTC)

Entropy bits vs. bits of entropy

The section Entropy as a measure of password strength contains the following language:

:It is usual in the computer industry to specify password strength in terms of information entropy, which is measured in shannon (Sh) and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is commonly referred to as the number of "entropy bits" in a password, though this is not the same quantity as information entropy.

Later in the article, we discuss "bits of entropy" without defining the term. These are just two different phrases denoting the same thing, right? It would be helpful to be consistent, or at least provide a definition of "bits of entropy" before using it.

Comments? Mr. Swordfish (talk) 21:00, 17 September 2023 (UTC)
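
The distinction drawn in the quoted passage, as an added example that is not part of the article or of any editor's comment: it computes the base-2 logarithm of the guess count ("entropy bits") next to the Shannon entropy for two constructed distributions over the same 1024 candidate passwords. The function names and both distributions are assumptions made for illustration; the two quantities agree only when every candidate is equally likely.

```python
import math

def entropy_bits(probs):
    """log2 of the number of guesses needed to find the password with certainty."""
    return math.log2(sum(1 for p in probs if p > 0))

def shannon_entropy(probs):
    """Information entropy H = -sum(p * log2(p)), in shannons."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def expected_guesses(probs):
    """Mean number of guesses when candidates are tried most-likely-first."""
    ordered = sorted(probs, reverse=True)
    return sum(rank * p for rank, p in enumerate(ordered, start=1))

def compare(probs):
    """Return all three measures for one password distribution."""
    return {
        "entropy_bits": entropy_bits(probs),
        "shannon": shannon_entropy(probs),
        "expected_guesses": expected_guesses(probs),
    }

# Constructed sample data: 1024 candidate passwords in both cases.
N = 1024
# Every candidate equally likely (a random generator).
UNIFORM = [1 / N] * N
# One candidate is picked half the time, the rest share the other half
# (a crude stand-in for human-chosen passwords).
SKEWED = [0.5] + [0.5 / (N - 1)] * (N - 1)

if __name__ == "__main__":
    for name, dist in (("uniform", UNIFORM), ("skewed", SKEWED)):
        r = compare(dist)
        print(f"{name:8s} entropy bits={r['entropy_bits']:.2f} "
              f"Shannon={r['shannon']:.2f} Sh "
              f"expected guesses={r['expected_guesses']:.1f}")
```
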

Wiki Education assignment: Cybersecurity Policy

{{dashboard.wikiedu.org assignment | course = Wikipedia:Wiki_Ed/Marymount_university/Cybersecurity_Policy_(Spring_2024) | assignments = RKM757 | reviewers = Smallick84 | start_date = 2024-01-08 | end_date = 2024-04-30 }}

— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)

Addition of NCSC Password Guidelines Section

Hi all,

I have added a new subsection under the "Password guidelines" area, following the "NIST Guidelines" section.

The new section summarises the UK National Cyber Security Centre (NCSC) guidance on using the "Three Random Words" strategy for password creation.

The update highlights:

* The focus on usability and memorability in modern password practices.
* How three random words improve password length and user recall.
* The psychological reasoning behind the approach (relating to natural human memory patterns).

Sources include the official NCSC website