Add a little character to your passwords.

JoeEkaitis

Steve Gibson's Password Haystacks page dispels the conventional wisdom about passwords, i.e.: a long random string of characters takes longer to crack with a brute-force attack than an easy-to-remember phrase.

It's not the apparent complexity but the range of characters you use. Create your password using upper case and lower case letters, numbers and whatever symbols are allowed and the password |ILike2Eat4Pancakes| is just as complex as ]A2n73\fnSq|nwPmwXX[ (1 out of 3,622,996,024,341,650,240,846,169,344,922,329,517,120 20-character passwords from 95 possible characters).

Rule of thumb: use all of the available characters a website allows to make an easy-to-remember password and you'll be just as safe as letting your cat walk across the keyboard to generate a random password.
 

robjvargas

Rob J. Vargas
> Steve Gibson's Password Haystacks page dispels the conventional wisdom about passwords, i.e.: a long random string of characters takes longer to crack with a brute-force attack than an easy-to-remember phrase.

That's not wrong.

Then again, no security expert with whom I've interacted has said this. There are four criteria generally accepted:

  • Nine or more characters in length
  • At least one capital and one small letter
  • At least one number
  • At least one "non standard" character (like (, #, /, ), @ and so on)

And if at least three of those criteria are met, that's considered a strong password. There are suggestions on how to apply these criteria. Like substituting numbers or symbols for certain letters. I've never seen randomness used as a criterion, though, except in high-security situations where passwords are kept in a kind of software "vault" and changed after each use (generally referred to as OTP, or One Time Passwords).
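Added example, not part of either post: a short Python script that computes the brute-force search space the first post describes and counts how many of the second post's four criteria a password meets. Counting every length from 1 up to the password's length is an assumption about how the figure quoted in the first post was derived, and `Password1` is a constructed sample.

```python
import string

# Printable ASCII split into the four classes: 26 + 26 + 10 + 33 = 95 characters.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def alphabet_size(password):
    """Size of the alphabet a brute-force search has to cover.

    Characters outside printable ASCII belong to no class and are not counted.
    """
    return sum(len(CLASSES[name]) for name in classes_used(password))

def search_space(password):
    """Number of candidate strings of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def criteria_met(password):
    """How many of the four criteria listed in the second post are satisfied."""
    used = classes_used(password)
    return sum([
        len(password) >= 9,
        {"lower", "upper"} <= used,
        "digit" in used,
        "symbol" in used,
    ])

# The two passwords from the first post, plus one constructed sample.
SAMPLES = ["|ILike2Eat4Pancakes|", r"]A2n73\fnSq|nwPmwXX[", "Password1"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: length={len(pw)} alphabet={alphabet_size(pw)} "
              f"criteria={criteria_met(pw)}/4 search_space={search_space(pw):,}")
```

Both passwords from the first post get the same search space, while the constructed `Password1` meets three of the four criteria with a far smaller one. The count covers exhaustive brute force only and says nothing about dictionary or pattern-based guessing.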