Great comic about password strength 1

[MasterRacker]

http://xkcd.com/936/

I love it.

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]

 

[Noway2]

I agree that is a good one. It is unfortunate, but passwords alone are becoming obsolete and are nearly ineffective. The computational power and search capability are making it trivial to brute force guess a password or perform a lookup via a rainbow table which is negating the benefits of hashing too.

Using a combination of words, which dramatically increases the length may help. Adding in some numbers and symbols and multiple case to expand the character set will help too. On the down side would be knowing, or at least suspecting, that a combination of words was used which will reduce the combination set.

It is also important to use methods to slow down a cracking attempt, such as using temporary lockouts after a few failed attempts.

I have also been seeing an increased trend towards a multi factor authentication using a combination of passwords and cryptographic keys, which is significantly more secure and only slightly more complicated for the user.

 

[dkediger]

Yeah - it blows peoples minds when I explain how "Mary had a little lamb" is as good a password as "Q2fg!x5"

 

[SamBones]

Well, there are still a lot of Unices that only use 8 characters of the password to generate the hash. That is, "supercal" has the same hash as "supercalifragilisticexpialidocious".

I used to give out passwords that long to new users to mess with them. They would get in fine as long as the first eight characters were correct.

Still, 8 lower case alphabetic characters is a pretty small name space (26^8). That's pretty easy to crack with brute force. When you add caps, numeric digits, and punctuation, the name space gets huge (70+^8). That's much harder to crack using brute force.