You are questioning xkcd?
Seems legit, especially when you consider that any character is the same from a computer's perspective. It doesn't care if it's punctuation, symbols, or whatever. It's just another character that can be just as easily guessed as anything else.
Password strength has more to do with length than selection of characters.
Several weeks ago (maybe more like 2 months or more ago) I read an article about this.
Don't remember where so don't ask. LinkedIn perhaps.
The article was strictly about requiring "strong" passwords and the math to back it up.
Being a former math major I can vouch for its accuracy. Simple finite math with permutations and combinations.
A simple password of 8 characters of case-insensitive letters and numbers only can be hacked/figured out by a teenager with software they can get off the net for nothing.
That's only 36^8 permutations. 8 being the MINIMUM required length.
Now require at least one capital letter, a number, and a special character of say only 10 of them and now you are up to 78^8 possibilities. An exhaustive search of trial and error would have easily been defeated by a simple web site's check that the user hasn't tried to login a hundred times in the last second and blocks that IP right then.
That's my story and I'm sticking to it. B-)
E
I am on two sites that the password has to be changed every 6 months and a password cannot be repeated. They both will reject ones they deem not strong enough. I am runnin out of ideas.....
A Harris, post: 344474, member: 81 wrote: I am runnin out of ideas.....
Your age in half-year increments, multiplied by the square root of 2...and insert an alphabetical character as the decimal; carried out to however many places is required.
A Harris, post: 344474, member: 81 wrote: I am runnin out of ideas.
I gave up trying to remember passwords years ago in favor of a password manager. I like Password Safe, which is open source. I have over 700 passwords for various accounts, no two alike.
Most important websites, like financial websites, will give me about 5 incorrect tries before it locks me out. Also, they use other methods, like recognizing your computer. If it does not recognize the computer I'm on as being used before to log in, then it will ask me additional security questions.
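The two server-side controls mentioned in the posts above (blocking an IP that tries to log in a hundred times in a second, and locking an account after about 5 wrong tries), sketched as an added example that is not from any poster or site. The class and function names are hypothetical, the thresholds are the ones quoted in the thread, and the traffic is constructed.

```python
from collections import Counter, defaultdict, deque


class LoginThrottle:
    """Per-IP sliding-window block plus per-account lockout (hypothetical names)."""

    def __init__(self, max_failures=5, ip_limit=100, window=1.0):
        self.max_failures = max_failures    # wrong tries before the account locks
        self.ip_limit = ip_limit            # attempts per IP within `window` seconds
        self.window = window
        self.failures = defaultdict(int)    # account -> consecutive failures
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.blocked_ips = set()            # never unblocked in this sketch

    def check(self, account, ip, now):
        """Decide, before the password is even compared, whether to allow the try."""
        if ip in self.blocked_ips:
            return "ip_blocked"
        recent = self.attempts[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # drop attempts older than the window
        recent.append(now)
        if len(recent) >= self.ip_limit:
            self.blocked_ips.add(ip)
            return "ip_blocked"
        if self.failures[account] >= self.max_failures:
            return "account_locked"
        return "ok"

    def record(self, account, success):
        """Reset the failure count on success, otherwise increment it."""
        self.failures[account] = 0 if success else self.failures[account] + 1


def simulate_guessing(throttle, account, ip, guesses, interval):
    """Constructed traffic: `guesses` wrong passwords sent `interval` seconds apart."""
    outcomes = Counter()
    for i in range(guesses):
        verdict = throttle.check(account, ip, now=i * interval)
        outcomes[verdict] += 1
        if verdict == "ok":                 # only these tries reach the password check
            throttle.record(account, success=False)
    return outcomes


if __name__ == "__main__":
    print(simulate_guessing(LoginThrottle(), "alice", "203.0.113.7", 1000, 0.001))
```

Against a 36^8 search space, the count under "ok" is the number of guesses that were actually tested, which is why the online and offline cases differ so much.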
The cartoon appears to come from XKCD, whose creator is quite technically knowledgeable. However, the analysis ignores dictionary attacks. Aren't they also a threat when common words are used?
It's supposed to be your mother's maiden name plus your wife's bra size plus the year you were born.
No, wait. It's your wife's maiden name plus your mother's bra size plus the year you lost your virginity.
Oops. That can't be it because computer nerds would then only have their mother's bra size to enter as the other two would be null.
I can't remember how old I am!!
"the best minds of my generation"
Although I'm in the above mentioned generation, the "best minds" attribute has long since diminished.;-)
Just use 123456 nobody will ever figure that one out.
The length of the password is far more important than about anything else in order to minimize problems. Each letter has 26 permutations (plus upper/lower case) and each number only has 10. Punctuation marks are limited to what is on a standard keyboard that you would be using.
Keeping one simple so that you can remember it with no problem might help people who know you to guess at it but to a search bug it's all symbols anyway. Using "worldsgreatestdad" probably won't work anyway because someone else is already using it.
Password...Strong AND True...
GreatestSurveyorInArkansas+sasnakrAnIroyevruStsetaerG
DDSM:beer:
I disagree with the "length = strength" mindset. If you know a website requires 8 characters you have a big jump start on hacking a password. If one had a four digit password on a site, the hacker would never discover your password because they would be trying eight plus.
vern, post: 344572, member: 3436 wrote: the hacker would never discover your password because they would be trying eight plus.
No hacker worth his bits would limit an automated assault to a particular password length unless he was certain it was a site requirement.
I'm liking the concept that a password should be true. Good point, Dan!
Don