Wednesday, June 13, 2012

Password Security - Password theory

This post is a tangent from my password security thread. I wanted to discuss some of what I consider to be interesting facts about passwords and security.

The "strength" of a password is determined by several factors. For example, a lot of sites require your password to contain lowercase (a-z), uppercase (A-Z), numbers (0-9), and symbols (!, @, #, $, etc.). The more of these different categories you use, the more "secure" your password is. If you use a lot of repeated letters, that weakens your password. So "1$eDDDD" is weaker than "aB#d63r". They are both the same length, but because the first repeats the letter 'D' it is considered weaker.

Another aspect that weakens passwords is the use of words and names. For example, "3David@" is a weak password, as is "!32House". Passwords like this, with words and names in them, are more susceptible to what's called a dictionary attack. Basically, the attacker uses a list of words and names in an effort to crack your password.

However, the way to make the strongest password possible is actually the most overlooked. It has been shown that the overall length of a password is by far the best way to improve password security. Let's compare the following two passwords: "e$5Ty_Q" and "chocolate bear house river". The first contains lowercase, uppercase, symbols and numbers, whereas the second contains only lowercase. The first does not contain real words, whereas the second is nothing but real words. Despite all this, the second password is far more "secure" simply because it is 26 characters long, whereas the first contains only 7. Now, if the first password were longer it would be more secure. So "05gFxiTCrpsWADudUckJ" is more secure than "chocolate bear house river", although the second is easily remembered by a human. So what's the take-home lesson? If you need a secure password, think less about complexity, which is hard to remember, and think more about length.
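To put numbers on the length-versus-complexity argument, here is an added example (not part of the original post) that estimates the search space for the three passwords above under two models: an attacker who knows only the length and the character classes used, and an attacker who knows a passphrase is built from dictionary words. Counting the space as a symbol and assuming a 100,000-word dictionary are both assumptions of this example.

```python
import math
import string

# Character classes named in the post; space is counted with the symbols
# (an assumption of this example, not something the post states).
CLASSES = (
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
)

def alphabet_size(password: str) -> int:
    """Symbols an exhaustive search must try per position, given only
    which character classes appear somewhere in the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password: str) -> float:
    """log2 of the search space when the attacker knows only the length
    and the character classes. Complexity adds a little per position;
    length multiplies the whole thing."""
    return len(password) * math.log2(alphabet_size(password))

def wordlist_bits(passphrase: str, wordlist_size: int) -> float:
    """log2 of the search space once the attacker knows the passphrase
    is whole words from a list of wordlist_size entries (the dictionary
    attack the post describes). Word length no longer matters."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def effective_bits(password: str, wordlist_size: int = 100_000) -> float:
    """A defender should assume the weaker of the two models. The space
    test is a rough heuristic for 'this is a passphrase of words'."""
    bits = brute_force_bits(password)
    if " " in password.strip():
        bits = min(bits, wordlist_bits(password, wordlist_size))
    return bits

if __name__ == "__main__":
    for pw in ("e$5Ty_Q", "chocolate bear house river", "05gFxiTCrpsWADudUckJ"):
        print(f"{pw!r:30} naive {brute_force_bits(pw):6.1f} bits, "
              f"effective {effective_bits(pw):6.1f} bits")
```

The naive per-character model flatters the passphrase (about 153 bits); once the attacker assumes four dictionary words it drops to about 66 bits, still well ahead of the 7-character password (about 46 bits) but behind the 20-character random string (about 119 bits), which is the ranking the post gives.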

1 comment:

  1. Although even better, and easier to remember, is:

    "ch0c0l!t3 b3ar hOuse r!v3r"

    that gives you best of both :)