Passquote

Passquote is a proposed form of user authentication based on a passphrase derived from a quotation. In a Passquote system, a user selects a passquote, often a sentence or longer excerpt, that they can remember. The system converts the passquote into a cryptographic secret using a key derivation function with a per-user salt. The resulting secret can serve as a password substitute or as part of a multi-factor setup. Proponents argue that long, meaningful quotes can provide strong entropy while remaining memorable.
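
The derivation described above can be sketched as follows. This is an added example, not code from the original page: it uses scrypt from Python's standard library, and the cost parameters, the `MIN_WORDS` policy value, the Unicode/whitespace normalization step, and the sample quote are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Assumed parameters for this sketch; tune the cost to your hardware.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}
SALT_BYTES = 16
MIN_WORDS = 6  # hypothetical policy value, not from the page


def normalize(passquote: str) -> bytes:
    """Canonicalize so the same quote typed on different devices matches."""
    text = unicodedata.normalize("NFKC", passquote)
    return " ".join(text.split()).encode("utf-8")


def derive(passquote: str, salt: bytes) -> bytes:
    """Run the normalized passquote through scrypt with the user's salt."""
    return hashlib.scrypt(normalize(passquote), salt=salt, **SCRYPT_PARAMS)


def enroll(passquote: str) -> dict:
    """Return the record to store: a fresh per-user salt and the derived secret."""
    if len(normalize(passquote).split()) < MIN_WORDS:
        raise ValueError(f"passquote must contain at least {MIN_WORDS} words")
    salt = secrets.token_bytes(SALT_BYTES)
    return {"salt": salt, "secret": derive(passquote, salt)}


def verify(passquote: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive(passquote, record["salt"])
    return hmac.compare_digest(candidate, record["secret"])


if __name__ == "__main__":
    quote = "the lighthouse keeper counted seven grey gulls at dawn"  # constructed
    alice, bob = enroll(quote), enroll(quote)
    print(verify(quote, alice))              # correct quote is accepted
    print(alice["secret"] == bob["secret"])  # same quote, different salts
```

Because each record carries its own salt, two users who pick the same quotation store different secrets, so a leaked database cannot be attacked with one precomputed table of popular quotes.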

Background: The term appears in security discussions as an extension of passphrase concepts. The security of a passquote hinges on the quote’s length and uniqueness, and on implementation details such as the strength of the hash function, the use of salt, and resistance to offline guessing.

Implementation considerations: A Passquote system uses a key derivation function (such as Argon2, scrypt, or PBKDF2) with a per-user salt to derive a secret from the passquote. It can be used as a password substitute or with additional factors. Benefits include memorability and longer input; drawbacks include exposure risk if quotes are public and susceptibility to social engineering. Mitigations include minimum length and entropy requirements, rate limiting, and optional multi-factor authentication.

Reception and status: Passquote is not standardized and remains a topic of debate. Advocates emphasize improved memorability and longer input; critics warn of reduced anonymity if quotes are widely known and of the need for careful entropy assessment and robust enforcement of security controls.

See also: passphrase, password, authentication, password manager.