
Redditors on the subreddit r/Bitwarden are debating whether passwords or passphrases that rhyme are less secure.
“A passphrase should always be 100% randomly generated. You shouldn’t be thinking of anything. And make it more than three words, please,” said one Redditor.
Would a rhyming passphrase be less secure? (posted by u/hydraSlav in r/Bitwarden)
While many of us are guilty of using a sequence of numbers like 1234 in our passwords and passphrases, these poor practices may be the leading cause of account takeover.
A study commissioned by Forbes Advisor in 2024 revealed that roughly 35% of people think their accounts have been hacked due to the use of weak passwords.
But is rhyming our passwords or passphrases a cybersecurity flop? Redditors seem to think so, and information from the Cybersecurity and Infrastructure Security Agency (CISA) seems to corroborate this.
For optimal safety and security, passwords and passphrases should be around 16 characters long or longer.
They should also be completely random – “like a string of mixed-case letters, numbers, and symbols (the strongest!) or a passphrase of 4-7 random words,” CISA says.
Therefore, rhyming passwords that are naturally associated with one another don’t seem to fall into the category of strong passwords.
Redditors also agree that rhyming passwords are less secure as there are rhyming dictionaries that hackers could leverage, which reduces “the space of password guesses even further.”
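To put a number on how much a rhyme constraint shrinks the guess space, here is an added example (not from the Reddit thread, Bitwarden or CISA). It uses a constructed 16-word toy list grouped by rhyme sound and assumes the attacker knows every word in the phrase rhymes:

```python
import math
from itertools import product

# Constructed toy wordlist grouped by rhyme sound (illustrative, not a real dictionary).
RHYME_GROUPS = {
    "ight": ["bright", "night", "light", "kite"],
    "y":    ["sky", "high", "fly", "pie"],
    "ake":  ["lake", "cake", "snake", "rake"],
    "oon":  ["moon", "spoon", "tune", "dune"],
}

def random_bits(vocab_size: int, n_words: int) -> float:
    """Entropy of n words drawn independently and uniformly from the list."""
    return n_words * math.log2(vocab_size)

def rhyming_count(groups: dict, n_words: int) -> int:
    """Number of n-word phrases in which every word comes from one rhyme group."""
    return sum(len(words) ** n_words for words in groups.values())

def rhyming_bits(groups: dict, n_words: int) -> float:
    """Best-case entropy: phrase picked uniformly among all-rhyming phrases."""
    return math.log2(rhyming_count(groups, n_words))

def brute_force_rhyming_count(groups: dict, n_words: int) -> int:
    """Cross-check the closed form by enumerating every possible phrase."""
    group_of = {w: g for g, ws in groups.items() for w in ws}
    return sum(1 for phrase in product(group_of, repeat=n_words)
               if len({group_of[w] for w in phrase}) == 1)

if __name__ == "__main__":
    vocab = sum(len(ws) for ws in RHYME_GROUPS.values())
    for n in (3, 4):
        print(f"{n} words: random {random_bits(vocab, n):.1f} bits, "
              f"all-rhyming {rhyming_bits(RHYME_GROUPS, n):.1f} bits")
```

When the rhyme groups are equal in size, only the first word contributes its full share of entropy; each later word adds just the log2 of its rhyme group's size, so adding more rhyming words helps far less than adding random ones.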
When asked, Bitwarden generates passwords that are generally random, containing uppercase and lowercase letters as well as numbers.
For example – A7nRVKZKmxzFPM9x.
According to the password manager, this would take “centuries” to crack, as the password is generally strong.
However, when I asked ChatGPT to come up with a strong rhyming password that I could use for my account, it came up with this:
SkyHighFly123!
When entered into Bitwarden’s password tester, this password was rated strong by Bitwarden’s standards, despite having consecutive numbers and rhyming words, and would take roughly 22 years to crack.

When tested on NordPass, the same password would take centuries to crack and is also seen as a strong password.

Another AI-generated password didn’t yield very good results.
BrightNight456! was rated a strong password by Bitwarden but would be easily cracked, with an estimated cracking time of only 26 days.

However, this Reddit post specifically talks about passphrases, which are different from passwords.
Passphrases are generally longer than passwords and consist of a sequence of words. They’re typically considered stronger than the traditional password.
When I entered an AI-generated passphrase into Bitwarden, it said that the passphrase was very strong and would take centuries to break.
So, are they actually insecure?
Reddit and the internet remain divided.