RE: Building Ultra Secure And Memorable Passwords
Here is a question I have been wondering about lately. You might know. I know it is recommended to use caps, numbers, and symbols, but if your password is long enough and not some common saying or phrase, how do those trying to brute-force it know whether you did or didn't use any of the above? Wouldn't they have to try every possible combination no matter what?
Good point. The attacker actually doesn't think anything; he will just try out passwords and start with the simplest combinations, because they require less computing power.
First, he tries the really simple stuff: password, password123, 123456, 123456!, secret!, admin...
Then he will move on to test alphabetic algorithms. He will assume that you are one of the majority, and therefore use a letters-only alphabet. That means he only has to test for 26 letters. If you add numbers and symbols, you increase the alphabet to 62 characters - it is much more computational effort, AND you are in the minority who uses complex passwords, so the attacker might skip you. Symbols are uncommon and hard to guess.
This is how to make a password more robust without a crazy length.
But you totally can win by just making your phrase super long. After a certain length it becomes unbeatable (the lowest threshold is around 16 chars, I believe). I suggest a phrase above 23 characters.
e.g.:
afrogbrownarejumpyesterdaybefore
32 chars. Pretty much uncrackable.
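To put numbers on the alphabet-size versus length trade-off discussed in this thread, here is an added worked example (it is not code from the original post or its author). It models the attacker the reply describes: infer the smallest character class that covers a password, compute the exhaustive search space for that alphabet and length, and convert it to a worst-case time at an assumed guess rate. The guess rate (10 billion guesses per second, a fast unsalted hash on a GPU rig), the 33-character symbol set and the 10,000-word dictionary used for the word-level comparison are all assumptions, and `assess`, `inferred_alphabet` and `phrase_keyspace` are names chosen here for illustration. The word-level comparison goes beyond the thread: it shows the same 32-character phrase as the attacker would see it if he guesses dictionary-word combinations instead of single characters.

```python
"""Keyspace and time-to-exhaust estimates for the alphabet-vs-length question.

Added worked example. The guess rate, the symbol count and the dictionary
size below are assumptions, not facts from the thread.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed symbol alphabet: printable ASCII minus letters and digits (33 chars).
SYMBOL_COUNT = 33


def inferred_alphabet(password: str) -> int:
    """Smallest union of character classes that covers the password.

    Mirrors the attacker's strategy in the thread: start with the cheapest
    alphabet (lowercase only) and widen it only when the password forces it.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += SYMBOL_COUNT
    return size


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates of exactly this length: alphabet ** length.

    All shorter lengths together add less than a 1/(alphabet_size - 1)
    fraction on top of this, so the longest length dominates the work.
    """
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace; bits are easier to compare than huge integers."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in the space at the given rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def phrase_keyspace(num_words: int, dictionary_size: int) -> int:
    """Search space when the attacker combines dictionary words, not characters."""
    return dictionary_size ** num_words


def assess(password: str, guesses_per_second: float) -> dict:
    """Character-level estimate for one password under the inferred alphabet."""
    alphabet = inferred_alphabet(password)
    space = keyspace(alphabet, len(password))
    return {
        "length": len(password),
        "alphabet": alphabet,
        "bits": entropy_bits(alphabet, len(password)),
        "years": years_to_exhaust(space, guesses_per_second),
    }


if __name__ == "__main__":
    # Assumed rate: fast unsalted hash on a GPU rig, 10 billion guesses/s.
    RATE = 1e10

    print(f"{'length':>6} {'lowercase':>10} {'letters+digits':>15} "
          f"{'all printable':>14}   (years to exhaust at {RATE:.0e} guesses/s)")
    for n in (8, 12, 16, 23, 32):
        row = [years_to_exhaust(keyspace(a, n), RATE) for a in (26, 62, 95)]
        print(f"{n:>6} {row[0]:>10.3g} {row[1]:>15.3g} {row[2]:>14.3g}")

    # Constructed sample passwords: two from the thread's "simple stuff" list
    # plus the thread's 32-character example phrase.
    for pw in ("password123", "123456!", "afrogbrownarejumpyesterdaybefore"):
        a = assess(pw, RATE)
        print(f"{pw!r}: alphabet {a['alphabet']}, {a['bits']:.1f} bits, "
              f"{a['years']:.3g} years exhaustive")

    # Word-level view of the example phrase (it splits into 7 common words).
    # If the attacker combines words from an assumed 10,000-word list, the
    # space is 10000 ** 7 rather than 26 ** 32.
    words, dictionary = 7, 10_000
    print(f"{words} words from a {dictionary}-word list: "
          f"{math.log2(phrase_keyspace(words, dictionary)):.1f} bits, "
          f"{years_to_exhaust(phrase_keyspace(words, dictionary), RATE):.3g} years")
```

Run it as a script to see the table; the character-level column for the 32-character phrase comes out around 150 bits, while the word-level view of the same phrase is roughly 93 bits under the assumed dictionary size. Both remain far beyond exhaustive search at the assumed rate, which is the reply's point about length, but the gap shows why the attacker's choice of search space matters as much as the alphabet he assumes.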