Each dictionary word = one word. So that’s four characters. Then each underscore is its own character. The basis is, since the rise of Fermi and its successors (basically, modern graphics cards), you can run dictionary attacks on passwords, making any proper name, nickname or any word appearing in any dictionary effectively one character. They were able to do this before, but it took them a lot longer. This is one of the reasons most security advisors suggest you use a program like LastPass to store passwords.
13 characters is good and all but Everyone insists that there should be a capital character, a number, and a symbol in the password to. May I suggest the password “There_is_no_password!_All_1_word?”
Thank you Ant. If one is going to school others on passwords (or anything else) it really is most important to first be sure you aren’t evaluating your own smarts by the Dunning-Kruger effect.
That is not what is meant by a dictionary attack. See Ant’s helpful link to learn more. Also, even if each word is reduced to a single symbol, then the five symbols in the proposed short version, would exist in a space with 20,000 (ish) possible english symbols.
20,000^7 is a pretty huge amount of combinations to try.
Four words, ideally less-common ones, with a random punctuation in the middle somewhere (middle of a word, not between words), is going to stymie most dictionary attacks.
On a related note, I had a boss who set the internal router passwords to “what”. No quotes, just all lowercase four letters. His theory was that it was so simple no one would ever guess it.
It’s a damn good thing we had a firewall that was configured to block access to the internal routers.
“What’s the wifi password?”
“Yes.”
…
“Yes is the wifi password?”
“No, what is the wifi password”
…
“That is what I’m asking you”
“I am telling you what”
…
“What are you telling me?”
“I am telling you what is the wifi password”
“Which is..?”
“The database”
“I AM ASKING YOU…. nevermind, what is the database password?”
“No, which.”
That’s a 7 character password. Not very secure.
Seven? How?
Each dictionary word = one word. So that’s four characters. Then each underscore is its own character. The basis is, since the rise of Fermi and its successors (basically, modern graphics cards), you can run dictionary attacks on passwords, making any proper name, nickname or any word appearing in any dictionary effectively one character. They were able to do this before, but it took them a lot longer. This is one of the reasons most security advisors suggest you use a program like LastPass to store passwords.
With those rules it’s 13 “characters” since the password is “there_is_no_password_all_one_word”
13 characters is good and all but Everyone insists that there should be a capital character, a number, and a symbol in the password to. May I suggest the password “There_is_no_password!_All_1_word?”
Nobody in the comic claimed it was a good password.
All I have to say in reply to you, sir, is this: https://xkcd.com/936/
Thank you Ant. If one is going to school others on passwords (or anything else) it really is most important to first be sure you aren’t evaluating your own smarts by the Dunning-Kruger effect.
That is not what is meant by a dictionary attack. See Ant’s helpful link to learn more. Also, even if each word is reduced to a single symbol, then the five symbols in the proposed short version, would exist in a space with 20,000 (ish) possible english symbols.
20,000^7 is a pretty huge amount of combinations to try.
Four words, ideally less-common ones, with a random punctuation in the middle somewhere (middle of a word, not between words), is going to stymie most dictionary attacks.
On a related note, I had a boss who set the internal router passwords to “what”. No quotes, just all lowercase four letters. His theory was that it was so simple no one would ever guess it.
It’s a damn good thing we had a firewall that was configured to block access to the internal routers.
That must have been hilarious to watch though.
“What’s the wifi password?”
“Yes.”
…
“Yes is the wifi password?”
“No, what is the wifi password”
…
“That is what I’m asking you”
“I am telling you what”
…
“What are you telling me?”
“I am telling you what is the wifi password”
“Which is..?”
“The database”
“I AM ASKING YOU…. nevermind, what is the database password?”
“No, which.”
….
Abbott and Costello are gods
That could be me, actually.