We've all seen the (numerous) best practice docs on long, complex passwords being the hardest to crack (if you're using brute force and a password hashing methodology that doesn't have a Rainbow Table available for it, that is) and how, logically, a passphrase (like a sentence, complete with punctuation and spaces) makes for a very good, complex, long password with the bonus that it is more memorable (for normal humans) than the 13375p3@|<>
So, I was resetting my LiveID this AM, and being a good user was dropping in a passphrase instead of a password.
Examine the image, particularly the text circled in red.
Can you fathom advocating passphrases as a good idea, and then NOT SUPPORTING them in one of the larger online identity schemes out there?
OK, I'm done.
