I just ran across a totally fascinating article by Jesper Johansson about the use of passphrases instead of passwords. I switched to using passphrases after reading Robert Hensing’s blog post from July, and I’ve not gone back. Robert’s post recently showed up rather prominently on FullDisclosure, so Jesper’s article is rather timely (btw, Jesper’s article is the second of three; the first can be found here).
Jesper takes a far more formal look at the concept of using a passphrase instead of a password, and comes to the somewhat surprising conclusion that a passphrase isn’t necessarily more secure than a password. Passphrases can be more secure, but according to Jesper, a 5-6 word passphrase is just about as strong as a 9-character password.
Either way, it’s a fascinating article.