Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Permalink for comment 541992
To read all comments associated with this story, please click here.
RE[2]: make 'm long
by Fergy on Sun 11th Nov 2012 17:26 UTC in reply to "RE: make 'm long"
Fergy
Member since:
2006-04-10

Common misconceptions with password security:

* concatenating words together is more secure == false. Modern attacks use a dictionary of words and tries combinations of such words concatenated.

* using txt spk / l33t style words are harder to crack than common words == false. Modern dictionaries have every imaginable combination of number and non-alpha/numeric substitutions of letters as well as plain English words.

* using non-English words are more secure == false. Dictionaries include words from most languages, proper-nouns and even slang that isn't technically part of any language.


Password cracking has come a long way in the last few years and current security advice hasn't kept up with development.

Use lower case: 26 possibilities
Use upper case: 26 possibilities
Use numbers: 10 possibilities
Use punctuation: 32 possibilites
Use them all: 94 possibilities per character

Using English is the easiest way to fall victim to dictionary attacks. Put in another language and suddenly the cracker would have to include 20+ dictionaries. Put in a dialect and the cracker would need to put 2000+ dictionaries in.

How can you possibly claim that increasing the possibilities is _not_ more secure?

Reply Parent Score: 2