Hi All,
I’m an ordinary amateur computer user. Everywhere you look you are advised to vary the symbols used in passwords to make them more difficult to crack, but I think I may have found that that is wrong. For example, using the Avast Password Checker and the Microsoft one, the composition of passwords was irrelevant, it was only the length which mattered. Any combination of symbols up to 10 was reported as not very good but once the length of the word got above 12 the predicted crack times became very large indeed and the automated remarks got complimentary.
In chatting to a friend he suggested it was because the crackers were using brute force algorithms which simply check every combination of symbols available until the result matches. They don’t contain pattern recognition routines like a human brain. So I tried more and more obvious passwords, including ‘MuchAdoAboutNothing’ which any human would guess at about the sixth letter, but both checkers said it was a Strong password once it had got past letter number 11. Other Shakespeare plays like, ‘romeoandjuliet’ and ‘themerchantofvenice’ were equally highly rated. Eventually I tried digits only, 1 to 0 and back down again to 1 and this time a Medium password was reported when the list had got to 6 on the down. Similarly, with the letter ‘a’ on its own, a Strong password was reported when it got to 13 'a’s on the trot.
This bears out my friend’s supposition, that it’s simply the number of symbols in the password and not its complexity - so why is all the expert advice so loaded with dire warnings about not making your passwords predictable. It seemingly doesn’t matter, because, apparently, the crackers can’t predict and every symbol has exactly the same value and it only needs enough repetitions of the crack algorithm, and thus time, eventually to match 'em all up and effect a crack. It looks as if 123456789 plus Fido’s name isn’t such a bad option after all. Try it.
I think I’ll stop using obscure stuff which I can’t remember, and just use long words without too many repetitions in them. Incidentally, try using the intitial letters of the first 4 lines of the poem by Grey called Elegy in a Country Churchyard. The Avast password checker is VERY complimentary about this one despite multi-repetitive letters, and says that we’ll be on Mars before it can be cracked.
Kind regards to everybody,
Gerigent