What happens if someone tries guessing passphrases?

[evoked]

Hi..

quick question..what happens if someone guesses passphrases randomly 

[Drexme]

If they guess yours, then it must be 1, 2, 3... 

[evoked]

If they guess yours, then it must be 1, 2, 3... 

haha i had a feeling that was the answer 

[Evan]

I have the same question. Since anyone can run the client and try the phrase locally, the attacker does not need to target at a specific account, he can just try the phrase. If he happens to enter an account that has nxt coins in it, he just send them to his own account. So, isn't it very insecure to enter accounts just by using phrase?  Please correct me if I am wrong.

[bizz]

I have the same question. Since anyone can run the client and try the phrase locally, the attacker does not need to target at a specific account, he can just try the phrase. If he happens to enter an account that has nxt coins in it, he just send them to his own account. So, isn't it very insecure to enter accounts just by using phrase?  Please correct me if I am wrong.

If it has enough entropy it's safe. Here is one example how to get safe pass phrase:

http://world.std.com/~reinhold/diceware.html

[Drexme]

Use this to check how secure your password is
https://howsecureismypassword.net/ it would take

Mine would take "31 sesvigintillion years" to crack.

[NextHead]

My phrase is 18+ characters w/ complexity... in other words, good luck.

It would be nice if there was some type of validation check. If the passphrase doesn't meet certain complexity requirements or at the very least, put a big fat warning somewhere.

[Drexme]

My phrase is 18+ characters w/ complexity... in other words, good luck.

It would be nice if there was some type of validation check. If the passphrase doesn't meet certain complexity requirements or at the very least, put a big fat warning somewhere.

This is a great idea.

[Evan]

So, what's the advantage of using a phrase over just using private keys?

[Come-from-Beyond]

So, what's the advantage of using a phrase over just using private keys?

Keys can be stolen and u have to move them around if u want to use ur wallet on other computer.

[LiQio]

So, what's the advantage of using a phrase over just using private keys?

Keys can be stolen and u have to move them around if u want to use ur wallet on other computer.

plus a pass-phrase (long as it might and has to be, can be memorized), whereas memorizing a typical private key is not feasible for the normal brain 

[Skorm]

My pass phrase is +30 and I think ... it should suffice and even if I have to store it somewhere, there are lots of possibilities to ensure safety (Trucrypt for example).

There's a discussion on reddit about safety concerns ongoing http://www.reddit.com/r/Bitcoin/comments/1ptuf3/

[Evan]

So, what's the advantage of using a phrase over just using private keys?

Keys can be stolen and u have to move them around if u want to use ur wallet on other computer.

I use a randomly generated phrase so that it is safe enough, but I cannot remember it, then I use a password manager softerware to store it. To me, it turns out to work like a key in the end 

[mcjavar]

What speaks against a username+password log in combination?

[luhao007]

What speaks against a username+password log in combination?

username+password means there need to be an authorize server to do the check and if there is a server there is risk to be hacked in,or stolen by the bad ass web admin.

Right now it more looks like a generic public key/private key generation. So if you have your private key (your pass code) you can use any client to unlock your wallet and no one can steal your pass code as it is not store anywhere.