Everywhere you need a password, the requirements follow a basic pattern: X length; must contain (or not contain?!?) lowercase, uppercase, digits, and symbols; must be rotated every Y days. But is that enough? This talk rethinks how we approach password strength, or “entropy”, in the real world.
There are many people who create passwords nonrandomly and think they’re making their passwords look random, but many common “clever” tricks aren’t so, and in fact are very guessable. Rather than calculating entropy as if the passwords were created randomly, we can find new and clever ways of calculating entropy given this knowledge.