How Complex Does Your Password Have To Be?

[skyguy918]

True. But who is able to use a 20 character password without having to write it down? Or he will use something that is significant to him that he will remember. Those are both bigger security risks. An 8 character, with numbers, special characters, capitalization, that is random and memorable is ultimately a lot more secure.

Read up on how long it takes to crack such a password that is truly random.

What you're saying is incorrect. That was the point of the XKCD cartoon above. String together 4 random words that total 20 characters and your password is both vastly more difficult to crack, and easier to remember than 8 random characters.

[yelped]

What you're saying is incorrect. That was the point of the XKCD cartoon above. String together 4 random words that total 20 characters and your password is both vastly more difficult to crack, and easier to remember than 8 random characters.

Sorry, I missed that. You are right.

[Zalc]

https://xkcd.com/936/

https://explainxkcd.com/936/

Some cracker have started using dictionaries as sources to guess from, with each word treated as a letter.

In effect this becomes faster to crack if you use words directly from the dictionary, even if you use common substitutions (E.G. O-0).

But it should be pretty easy to make one of the words a non-dictionary word (Yiddish, anyone?) or incorrect punctuation.

[skyguy918]

Some cracker have started using dictionaries as sources to guess from, with each word treated as a letter.

In effect this becomes faster to crack if you use words directly from the dictionary, even if you use common substitutions (E.G. O-0).

But it should be pretty easy to make one of the words a non-dictionary word (Yiddish, anyone?) or incorrect punctuation.

That changes nothing. Do you know how many words are in the dictionary? Compare that to the maximum 96 character set for each character of a 6 or 8 character password.

ETA: Although I was actually going to mention Yiddish. Makes it super easy to be both easy to remember, as well as practically uncrackable. Just remember to use a phrase, not just a single word.

[Zalc]

That changes nothing. Do you know how many words are in the dictionary? Compare that to the maximum 96 character set for each character of a 6 or 8 character password.

Yes, but if you limit the guesses to the max of the password field, say 20 characters, you mitigate much of this.

What is the standard max length for a good website?

[aygart]

Some cracker have started using dictionaries as sources to guess from, with each word treated as a letter.

In effect this becomes faster to crack if you use words directly from the dictionary, even if you use common substitutions (E.G. O-0).

But it should be pretty easy to make one of the words a non-dictionary word (Yiddish, anyone?) or incorrect punctuation.

I often use various mixes of Hebrew words and gematria. Sometimes is tranliterate and sometimes use the keys of the Hebrew keyboard to type English for the corresponding gibberish.

[ExGingi]

I use a long sentence with spaces (for places that allow spaces and as a lastpass password). If spaces are allowed I believe it adds a level of security, as well as being able to use a loooong memorable sentence that might be meaningless to others.

[skyguy918]

Yes, but if you limit the guesses to the max of the password field, say 20 characters, you mitigate much of this.

What is the standard max length for a good website?

Not sure why you think that would change much of anything. Go back and read the article Boruch999 linked to. I guarantee you the dictionary based methods were included in their research, and they still found that length is the best indicator of strength.

[ChaimMoskowitz]

What is the standard max length for a good website?

18-20?

[yuneeq]

All of you discussing how you formulate your passwords are obviously reusing the same passwords on multiple websites, (unless you claim to remember 100+ passwords.)
This is the WORST idea you can have.

[ChaimMoskowitz]

All of you discussing how you formulate your passwords are obviously reusing the same passwords on multiple websites, (unless you claim to remember 100+ passwords.)
This is the WORST idea you can have.

+1

[skyguy918]

All of you discussing how you formulate your passwords are obviously reusing the same passwords on multiple websites, (unless you claim to remember 100+ passwords.)
This is the WORST idea you can have.

Speak for yourself. When you use an password manager, you need a master password. Same rules for good passwords apply there.

[ChaimMoskowitz]

Speak for yourself. When you use an password manager, you need a master password. Same rules for good passwords apply there.

This one is pretty simple to crack: 3Nz@g0DILJuPY!cFYXeSs6EJ

[mmgfarb]

It's not just about length of the password but also what the makeup of the password is, nobody really sits there and tries to brute force passwords anymore, they use databases of already cracked passwords and run those through instead. The idea of using Hebrew or Yiddish phrases is actually a really good idea (because they most likely aren't in the data bases being used) as is lastpass. This is a great video if you want to know more about how passwords are actually cracked.

[Zalc]

All of you discussing how you formulate your passwords are obviously reusing the same passwords on multiple websites, (unless you claim to remember 100+ passwords.)
This is the WORST idea you can have.

What do use?

I use lastpass. No way I am remembering 100+ strong passwords.

The new family sharing plan looks pretty good.

[yuneeq]

What do use?

I use lastpass. No way I am remembering 100+ strong passwords.

The new family sharing plan looks pretty good.

I also use Lastpass

[aygart]

What do use?

I use lastpass. No way I am remembering 100+ strong passwords.

The new family sharing plan looks pretty good.

I also use Lastpass

I used to use it

Just got a Firefox notification that LastPass is not compatible with the current version.

[Zalc]

I used to use it

https://blog.lastpass.com/2017/10/lastpass-beta-firefox-57.html/

Try this?

[ChaimMoskowitz]

https://blog.lastpass.com/2017/10/lastpass-beta-firefox-57.html/

Try this?

https://blog.lastpass.com/2017/10/lastpass-beta-firefox-57.html/

Try this?

How many times should I try it? 

[aygart]

How many times should I try it? 

Until it works