Top Mud Sites Forum - View Single Post

silvarilon · 05-30-2010, 09:25 PM

Not a surprise.

Back when I was a teen and would play around with "blind security testing" that was second on my automated guess list, with "password" as number 1.
For the master password, first on my guess list was "god"

In practice, even though they were the most common passwords, they still came up extremely, extremely rarely. Almost all the passwords would be found through automated guessing, starting at aaa, then aab, aac, and so on. (Once you've got the encrypted password file you can have as many guesses as you want, limited by the speed of your computer.)

The longer the password is, and if you also have to guess using numbers and other characters like ? or ! significantly increases the time it takes to brute force guess all the possible combinations.

So the moral of the story, you don't need any tricks to make a password super secure. You just need it to be long (preferably longer than eight characters) and include a special character. Heck, you can use your own name followed by an exclamation point. Nobody is going to think to guess that unless you've told them that you use it as your password (or unless you've written that into your password hint.)

People really don't get into accounts from guessing passwords.

05-30-2010, 09:25 PM	#2
silvarilon Member Join Date: Dec 2009 Posts: 144	Re: Passwords Not a surprise. Back when I was a teen and would play around with "blind security testing" that was second on my automated guess list, with "password" as number 1. For the master password, first on my guess list was "god" In practice, even though they were the most common passwords, they still came up extremely, extremely rarely. Almost all the passwords would be found through automated guessing, starting at aaa, then aab, aac, and so on. (Once you've got the encrypted password file you can have as many guesses as you want, limited by the speed of your computer.) The longer the password is, and if you also have to guess using numbers and other characters like ? or ! significantly increases the time it takes to brute force guess all the possible combinations. So the moral of the story, you don't need any tricks to make a password super secure. You just need it to be long (preferably longer than eight characters) and include a special character. Heck, you can use your own name followed by an exclamation point. Nobody is going to think to guess that unless you've told them that you use it as your password (or unless you've written that into your password hint.) People really don't get into accounts from guessing passwords.