Thread: Add a little character to your passwords.

  1. #1
    JoeEkaitis (Resident Corning Ware junkie)
    Join Date: Mar 2005
    Location: A wondrous land whose boundaries are that of imagination. Well, OK, a little podunk town in SoCal.
    Posts: 2,269

    Add a little character to your passwords.

    Steve Gibson's Password Haystacks page dispels the conventional wisdom about passwords, i.e.: a long random string of characters takes longer to crack with a brute force attack than an easy to remember phrase.

    It's not the apparent complexity but the range of characters you use. Create your password using upper case and lower case letters, numbers and whatever symbols are allowed and the password |ILike2Eat4Pancakes| is just as complex as ]A2n73\fnSq|nwPmwXX[ (1 out of 3,622,996,024,341,650,240,846,169,344,922,329,517,120 20-character passwords from 95 possible characters).

    Rule of thumb: use all of the available characters a website allows to make an easy to remember password and you'll be just as safe as letting your cat walk across the keyboard to generate a random password.
    Last edited by JoeEkaitis; 03-25-2012 at 11:04 PM.

  2. #2
    robjvargas (Dust Bunnies are NSA Agents!)
    Join Date: Dec 2011
    Location: IL, USA.
    Posts: 5,749

    Quote, originally posted by JoeEkaitis:
    Steve Gibson's Password Haystacks page dispels the conventional wisdom about passwords, i.e.: a long random string of characters takes longer to crack with a brute force attack than an easy to remember phrase.
    That's not wrong.

    Then again, no security expert with whom I've interacted has said this. There are four criteria generally accepted:

    • Nine or more characters in length
    • At least one capital and one small letter
    • At least one number
    • At least one "non standard" character (like (, #, /, ), @ and so on)


    And if at least three of those criteria are met, that's considered a strong password. There are suggestions on how to apply these criteria. Like substituting numbers or symbols for certain letters. I've never seen randomness used as a criterion, though, except in high-security situations where passwords are kept in a kind of software "vault" and changed after each use (generally referred to as OTP, or One Time Passwords).
    I am free because I know that I alone am morally responsible for everything I do.
    -Robert A. Heinlein-
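
Added example, not part of either post above: a short Python script that computes the brute-force search space the first post describes and scores passwords against the four criteria listed in the second post. The counting model (every length up to the password's length, over the character classes the password uses) and the two extra sample passwords are assumptions made here.

```python
import string

# The 95 printable ASCII characters the first post counts, split by class.
CLASSES = {
    "lower": string.ascii_lowercase,       # 26
    "upper": string.ascii_uppercase,       # 26
    "digit": string.digits,                # 10
    "symbol": string.punctuation + " ",    # 33, space included
}


def classes_used(password):
    """Return the names of the classes with at least one character in password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def search_space(password):
    """Guesses needed to try every password up to this length, drawn from the
    classes the password uses (assumed counting model)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return sum(alphabet ** k for k in range(1, len(password) + 1))


def criteria_met(password):
    """Count how many of the second post's four criteria the password meets."""
    used = classes_used(password)
    return sum([
        len(password) >= 9,            # nine or more characters
        {"lower", "upper"} <= used,    # one capital and one small letter
        "digit" in used,               # at least one number
        "symbol" in used,              # at least one "non standard" character
    ])


if __name__ == "__main__":
    # First two are the passwords from the first post; the last two are
    # constructed samples added for comparison.
    samples = ["|ILike2Eat4Pancakes|", r"]A2n73\fnSq|nwPmwXX[",
               "ilikepancakes", "Passw0rd!"]
    for pw in samples:
        met = criteria_met(pw)
        print(f"{pw:22} len={len(pw):2} criteria={met}/4 "
              f"strong={met >= 3} space={search_space(pw):.3e}")
```

The count models exhaustive brute force only; it says nothing about guesses drawn from word lists or common patterns, which is why the nine-character sample that meets all four criteria still has a smaller search space than the longer all-lowercase one.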
