Real-World Passwords

Thanks for the link Ronjor, interesting read.

On the subject of passwords, I was wondering how easy it is to create a secure password.

I thought my windows XP account had a pretty good password. It was 12 characters long, containing letters, numbers and symbols.

I then installed and ran Proactive Windows Security Explorer 1.10. It found my password in about 10 secs.

I kept the same password but copied and pasted it twice to make 24 characters. Took about 10 secs to crack it.

It was only when I copied and pasted it three times, to give 36 characters that the programme had difficulty finding it.

So based on my little experiment, I would have to conclude that you need a password somewhere between 25 and 36 characters long.

Does anyone know if my conclusion is anywhere near the truth?

 

I tailor my passwords to what they protect and what they can unlock and who has access to what. For example my browser has a built in password manager, since that protects all the passwords that gets a long password 50 positions. I use the password generator in Keepass to generate a 50 position random password.

 

That proactive password auditor was a scary little software
I didnt know it was so easy to retrieve my admin account password (brute force through registry)
It didnt get my user account password though (admin group). I wonder why. It actually has less letters and no numbers.