I'm in IT...I've forgotten the last time I've forgotten a password and mine are all 10-15+ character phrases. Phrases are easier to remember than words IMHO.
FYI - 8 characters or less, regardless of makeup is not complex enough to stop a real hacker with today's computing power. The minimum is 10, because the variable increase adds an amazing amount of time making it only worthwhile for a known target.
7 characters can be cracked in milliseconds
8 takes hours
9 takes days
10 takes months
11 takes years
That's fine if you get instant feedback for each attempt. Fine if you're trying to brute force an archive file or something local.
Getting a login result (success / failure) back from a website might take a few seconds per attempt. Also, depending on the site, you can get locked out after "too many" tries.
However, you work in IT and I don't, so feel free to school me wherever I've got it wrong.
Btw I use KeePassX and my passwords are 24-character strings.
I'm in IT...I've forgotten the last time I've forgotten a password and mine are all 10-15+ character phrases. Phrases are easier to remember than words IMHO.
FYI - 8 characters or less, regardless of makeup is not complex enough to stop a real hacker with today's computing power. The minimum is 10, because the variable increase adds an amazing amount of time making it only worthwhile for a known target.
7 characters can be cracked in milliseconds 8 takes hours 9 takes days 10 takes months 11 takes years
You're talking brute forcing, yeah?
That's fine if you get instant feedback for each attempt. Fine if you're trying to brute force an archive file or something local.
Getting a login result (success / failure) back from a website might take a few seconds per attempt. Also, depending on the site, you can get locked out after "too many" tries.
However, you work in IT and I don't, so feel free to school me wherever I've got it wrong.
Btw I use KeePassX and my passwords are 24-character strings.