theogt said:
Doesn't seem all that foolish. As this shows, if someone wants a password, they can get it. Simply having a randomized password vs. a more obvious one doesn't prevent anything.
Nothing annoys me more than ridiculous password requirements with upper and lower case, non-alpha-numeric characters, etc. That is a complete waste of time and provides no security whatsoever.
Whoa, you know nothing of what you say. To say using letters (upper & lower case) along with non-alpha-numeric characters is a complete waste is ignorant. Simple math will tell you that.
If you only use lowercase letters and a password of 5 characters in length there are 11,881,376 possible passwords. The problem with this? (not that it even matters with today's computers) Crackers know that you aren't using random letters. So instead of a straight up cycling through every possibility, they do a dictionary brute force attack. In the Oxford dictionary there are fewer than 200,000 words. (1/66th as many possibilities) Depending on the medium used that is being cracked and the computational power of the processor being used, the 11.8M possibilities can be cracked almost instantaneously.
These security guys did a test on a few different passwords and checked out how many attempts it took to crack them. Here was the outcome.
The following tests were done with Distributed.net to see how effective the types of passwords were. The first word is the password, the large number is how many attempts it took before it figured out the password, and the time listed afterwards is based on how long it would take a fast dual core processor to crack the password using brute force.
- darren: 308 million (30 seconds)
- Land3rz: 3.5 Trillion (4 days)
- B33r&Mug: 7.2 Quadrillion (23 years)
Don't be a fool as the title of this thread says.
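Added example, not part of the original post: the three figures quoted above equal the full keyspace (alphabet size raised to the password length) searched at about 10 million guesses per second, and this sketch reproduces them. The 34-character symbol class and the guess rate are assumptions chosen to match those figures, and the wordlist is constructed.

```python
import string

# Alphabet size contributed by each character class. "symbol": 34 is an
# assumption picked so the full alphabet is 96, matching the post's
# 7.2 quadrillion; printable ASCII has 32 punctuation marks plus space.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 34}
# Assumption: rate inferred from the post's "308 million (30 seconds)".
GUESSES_PER_SECOND = 10_000_000
# Constructed stand-in for a real dictionary or leaked-password list.
SAMPLE_WORDLIST = {"darren", "password", "dragon", "monkey"}

def classes_used(password):
    """Return the set of character classes that appear in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("symbol")
    return found

def keyspace(password):
    """Candidates an exhaustive search must cover: alphabet ** length."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)

def exhaustive_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try the whole keyspace at the given guess rate."""
    return keyspace(password) / rate

def in_wordlist(password, wordlist=SAMPLE_WORDLIST):
    """A listed word falls to a dictionary pass regardless of keyspace."""
    return password.lower() in wordlist

if __name__ == "__main__":
    for pw in ("darren", "Land3rz", "B33r&Mug"):
        secs = exhaustive_seconds(pw)
        print(f"{pw:10} keyspace={keyspace(pw):,} "
              f"days={secs / 86400:,.1f} in_wordlist={in_wordlist(pw)}")
```

The keyspace is an upper bound on effort: "darren" has a 308 million keyspace but sits in the sample wordlist, which is the dictionary-attack point made in the post.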