Add a little character to your passwords.
Steve Gibson's Password Haystacks page dispels the conventional wisdom about passwords, i.e.: a long random string of characters takes longer to crack with a brute force attack than an easy to remember phrase.
It's not the apparent complexity but the range of characters you use. Create your password using upper case and lower case letters, numbers and whatever symbols are allowed and the password |ILike2Eat4Pancakes| is just as complex as ]A2n73\fnSq|nwPmwXX[ (1 out of 3,622,996,024,341,650,240,846,169,344,922,329,517,120 20-character passwords from 95 possible characters).
Rule of thumb: use all of the available characters a website allows to make an easy to remember password and you'll be just as safe as letting your cat walk across the keyboard to generate a random password.
Last edited by JoeEkaitis; 03-25-2012 at 11:04 PM.
That's not wrong.
Originally Posted by JoeEkaitis
Then again, no security expert with whom I've interacted has said this. There are four criteria generally accepted:
- Nine or more characters in length
- At least one capital and one small letter
- At least one number
- At least one "non standard" character (like (, #, /, ), @ and so on)
And if at least three of those criteria are met, that's considered a strong password. There are suggestions on how to apply these criteria, like substituting numbers or symbols for certain letters. I've never seen randomness used as a criterion, though, except in high-security situations where passwords are kept in a kind of software "vault" and changed after each use (generally referred to as OTP, or One Time Passwords).
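The following calculator is an added example written for this thread; it is not Steve Gibson's code and not from either poster. It reproduces the brute-force count quoted in the first post (that figure is the number of all passwords of length 1 through 20 over 95 characters, i.e. the cumulative count the Haystacks page reports, not 95^20 alone) and implements the "three of four criteria" rule from the reply. The 95-character alphabet (26 lower, 26 upper, 10 digits, 32 punctuation marks plus the space) and the attacker guess rates are assumptions chosen to match the post.

```python
"""Password search-space ("haystack") calculator.

Added example for the thread above, not the Password Haystacks page's code.
The 95-character alphabet (26 lower, 26 upper, 10 digits, 32 punctuation
marks plus the space) is an assumption chosen to match "95 possible
characters" in the first post.
"""
import math
import string

# Character classes; which ones appear in a password decides the alphabet
# an exhaustive attacker has to cover.  (Assumed class sizes, see docstring.)
CLASSES = {
    "lower": frozenset(string.ascii_lowercase),     # 26
    "upper": frozenset(string.ascii_uppercase),     # 26
    "digit": frozenset(string.digits),              # 10
    "symbol": frozenset(string.punctuation + " "),  # 32 + space = 33
}


def classes_present(password: str) -> set:
    """Names of the character classes that occur at least once in password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def alphabet_size(password: str) -> int:
    """Size of the smallest class-union alphabet that contains the password."""
    return sum(len(CLASSES[name]) for name in classes_present(password))


def haystack_size(alphabet: int, length: int) -> int:
    """Number of passwords of length 1..length over an alphabet of that size.

    This cumulative count (sum of alphabet**k) is what the first post quotes
    for 95 characters and 20 positions.
    """
    return sum(alphabet ** k for k in range(1, length + 1))


def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy of a uniformly random password of that length."""
    return length * math.log2(alphabet)


def seconds_to_exhaust(space: int, guesses_per_second: int) -> float:
    """Wall-clock time for an attacker to try every password in the space."""
    return space / guesses_per_second


def forum_criteria_met(password: str) -> int:
    """How many of the four criteria listed in the reply the password meets."""
    present = classes_present(password)
    checks = [
        len(password) >= 9,
        {"upper", "lower"} <= present,
        "digit" in present,
        "symbol" in present,
    ]
    return sum(checks)


def strong_by_forum_rule(password: str) -> bool:
    """The reply calls a password strong when at least three criteria are met."""
    return forum_criteria_met(password) >= 3


if __name__ == "__main__":
    # The two 20-character passwords compared in the first post.
    for pw in ("|ILike2Eat4Pancakes|", r"]A2n73\fnSq|nwPmwXX["):
        a = alphabet_size(pw)
        space = haystack_size(a, len(pw))
        print(f"{pw!r}: alphabet={a} length={len(pw)} "
              f"haystack={space:,} ({entropy_bits(a, len(pw)):.1f} bits)")
        # Assumed attacker rates: 100 billion/s (offline GPU) vs 1000/s (online).
        for rate in (100_000_000_000, 1_000):
            years = seconds_to_exhaust(space, rate) / (365 * 24 * 3600)
            print(f"  at {rate:,} guesses/s: {years:.3g} years to exhaust")
        print(f"  forum criteria met: {forum_criteria_met(pw)}/4, "
              f"strong={strong_by_forum_rule(pw)}")
```

Both 20-character passwords from the first post resolve to the same 95-character alphabet and therefore the same haystack, which is the post's point. The model only covers exhaustive search: a phrase assembled from dictionary words is also exposed to wordlist and pattern guessing that this count does not measure, so the haystack is an upper bound on attacker effort, not a guarantee.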