Discussion in 'General Software' started by ShiBDiB, Aug 14, 2012.
Whether it's true or not as far as difficulty to crack I dunno.. but I chuckled
I think it is correct. Whatever is trying to defeat a password has no way of knowing whether or not non-lower case letters were used. It also doesn't know where one word starts and another stops. Password length is always guaranteed to make a password stronger. Randomness of characters is established by the rules in creating the password, not necessarily the password itself.
Yes, I hate those "Must contain a CAPITAL letter a lower case letter and a numb3r". It doesn't help anyone. You are more likely to write it down - compromising local security - or you will spend HOURS asking the server to "reset" password because you can't remember it. HOW MUCH HUMAN DOWNTIME is due to recovering and resetting passwords?
Just make the password length minimum longer, i.e., 10 not 8 letters.
This pic was in a feature story on password strength that was on Ars or Anand a couple months ago. Can't find the link, but it was a great article on password security, etc. for those interested.
IMHO Token in your mobile phone is the answer. I'd rather have one simple password and a token than to waste my time and nerves on recovery.
Microsoft is now enforcing unsecure passwords.
It's a cartoon. It makes no sense. It doesn't take the type of attack into consideration. Nor does it take the hash type into consideration. Your password could be kga;ogjwgoijhnwogn;ff3339tutjngowagn.... but with an MD5 hash, it wouldn't take a good password cracker 20 minutes to crack it with newer hardware.
Your password could be donkeyshytb@llz but it's encrypted with SHA512. Good luck.
EDIT: 1000 guesses per second? I don't even remember a GPU that slow. Now that's funny.