code:Analysis: Security's already compromised, because of sharing with other people, and I'm not sharing anything I wouldn't want everyone to have. So why bother with a long password?
Password                  Class of Attack
Length    Combinations    Class A     Class B     Class C     Class D     Class E     Class F
7         8 Billion       9 Days      22 Hours    2¼ Hours    13 Mins     1¼ Mins     8 Secs
8         200 Billion     242 Days    24 Days     2½ Days     348 Mins    35 Mins     3½ Mins
code:Analysis: It looks like I'm safe from all but the distributed computing projects. I rotate passwords, periodically. (Note of pride: I designed the password generator that creates these passwords for me.)
Length    Combinations       Class A         Class B        Class C      Class D     Class E     Class F
8         7.2 Quadrillion    22,875 Years    2,287 Years    229 Years    23 Years    2¼ Years    83½ Days
quote:I use a system, such that every (important) password I have is different from all the others, but, knowing my system, I can easily deduce what it is. Basically the base password is the same for all of them, but there are additional letters/numbers appended that I associate with the site or service itself, that I can easily remember.
Originally posted by Goody Scrivener:
I admit, I have about 4 passwords total because I'm not so good at remembering them and I don't want to have a list somewhere that could be picked up or hacked into.
quote:You can calculate it from the information in the table. Start with the highest length they show; say it's ten. Then you are multiplying the number of combinations by 56 each time you add a character, which for 22 and 10 makes 56^12. So just multiply the length they show by 56^12, or about 10^21.
Originally posted by B34N:
Anyone know how long it would take for the 56 character variety that is actually 22 characters long?
quote:Actually, I think the answer is "long enough"...
Originally posted by King of Men:
quote:You can calculate it from the information in the table. Start with the highest length they show; say it's ten. Then you are multiplying the number of combinations by 56 each time you add a character, which for 22 and 10 makes 56^12. So just multiply the length they show by 56^12, or about 10^21.
Originally posted by B34N:
Anyone know how long it would take for the 56 character variety that is actually 22 characters long?
quote:Now that is cool.
I use a system, such that every (important) password I have is different from all the others, but, knowing my system, I can easily deduce what it is. Basically the base password is the same for all of them, but there are additional letters/numbers appended that I associate with the site or service itself, that I can easily remember.
quote:Ah, but you're assuming that functionality is a more important factor than braggability to one's friends. "Your password only uses characters on the keyboard? That's nothing. My password uses the trademark symbol!" meets "Oh yeah? Well my password is written in Chinese!", et cetera.
I think there's a point of diminishing returns, though. I mean, given that you can't even see your password as you type it, I think a 22-character password or a password with characters not available on the keyboard is overkill.
quote:The proliferation of cameras makes it MUCH easier to get people's passwords. Heck, my laptop has a camera that is tiny. In a room full of people with laptops, I could easily point it at someone's keyboard and nobody would think twice.
Originally posted by MightyCow:
If the password is even fairly strong, it's much easier to get it other ways than brute force. Looking over someone's shoulder as they type it, for example.
quote:Are you saying that having a bi-annual, or annual, password change no longer provides any security benefits?
The dogma that we should always change passwords is based on outdated technology and is no longer applicable.
quote:You meant cat not ls, right?
ls /etc/passwd
quote:Online brute force attacks usually don't work because the authentication program usually disables a username after a number of incorrect guesses. I did that once with an ATM and my debit card. The difference between online and offline is that offline means you obtain the encrypted password file and can take it to some computer that doesn't have the limit on incorrect guesses.
Originally posted by BannaOj:
Would this actually make it safer? If the computer is looking for something with more digits and you don't have that number it seems like it would make things more difficult.