I'm in IT...I've forgotten the last time I've forgotten a password and mine are all 10-15+ character phrases. Phrases are easier to remember than words IMHO.
FYI - 8 characters or less, regardless of makeup is not complex enough to stop a real hacker with today's computing power. The minimum is 10, because the variable increase adds an amazing amount of time making it only worthwhile for a known target.
7 characters can be cracked in milliseconds
8 takes hours
9 takes days
10 takes months
11 takes years
That's fine if you get instant feedback for each attempt. Fine if you're trying to brute force an archive file or something local.
Getting a login result (success / failure) back from a website might take a few seconds per attempt. Also, depending on the site, you can get locked out after "too many" tries.
However, you work in IT and I don't, so feel free to school me wherever I've got it wrong.
Btw I use KeePassX and my passwords are 24-character strings.
Yes, you can get temp locked, or delayed etc depending upon the system. At 7 characters if their spinning a dic with a script, that's very doable in a few days even with delays. The point is to increase the variables to increase the time.
Once upon a past 24+ characters mattered, because doing so forced Windows to a higher level of encryption (never mattered with other OS'). That's not the case anymore, so once people pass 11 that's generally good enough to stop all with today's computing, especially if they're changed multiple times a year.
I'm in IT...I've forgotten the last time I've forgotten a password and mine are all 10-15+ character phrases. Phrases are easier to remember than words IMHO.
FYI - 8 characters or less, regardless of makeup is not complex enough to stop a real hacker with today's computing power. The minimum is 10, because the variable increase adds an amazing amount of time making it only worthwhile for a known target.
7 characters can be cracked in milliseconds 8 takes hours 9 takes days 10 takes months 11 takes years
So, B1DENi$aPed0phile would be good??
LMAO!!
Perfect Pede!!
You're talking brute forcing, yeah?
That's fine if you get instant feedback for each attempt. Fine if you're trying to brute force an archive file or something local.
Getting a login result (success / failure) back from a website might take a few seconds per attempt. Also, depending on the site, you can get locked out after "too many" tries.
However, you work in IT and I don't, so feel free to school me wherever I've got it wrong.
Btw I use KeePassX and my passwords are 24-character strings.
Yes, you can get temp locked, or delayed etc depending upon the system. At 7 characters if their spinning a dic with a script, that's very doable in a few days even with delays. The point is to increase the variables to increase the time.
Once upon a past 24+ characters mattered, because doing so forced Windows to a higher level of encryption (never mattered with other OS'). That's not the case anymore, so once people pass 11 that's generally good enough to stop all with today's computing, especially if they're changed multiple times a year.
CORRECT HORSE BATTERY STAPLE