From my experience brute forcing passwords, no. It’s smart enough to try character substitutions and it annoys me so much that the FBI recommends this practice.
Wait it’s not? I remember some people in the industry recommend this sort of password albeit with variation of other random words as it’s pretty strong and would take a very long time to crack.
It’s not. A dictionary has on the order of ≈100,000 (10^5) words in it. Picking five words entirely at random gives you 10^25 combinations, which is about the complexity of 14 alphanumeric characters. So pretty secure.
So i guess p@s5w0RD123pA55wOrD would be super strong.
That’s okay at best. Better if a passphrase, just random, impersonal words, something like this (~50 bits of entropy):
“virtual raging vineyard clad runner”
Best is a long, completely random string, stored in the password manager that you should be using anyways ~150 bits of entropy):
“hX0hZ1QTWtQo(h[Ta9jH]TmsVIhUTgSE”
I just see *******************
Need your credit card number and the 3 digit number at the back of the card to see what i typed.
From my experience brute forcing passwords, no. It’s smart enough to try character substitutions and it annoys me so much that the FBI recommends this practice.
Wait it’s not? I remember some people in the industry recommend this sort of password albeit with variation of other random words as it’s pretty strong and would take a very long time to crack.
Indeed, just four impersonal words is a great password. Mix up the capitalization and it’s even better.
If it’s a bunch of words found in any dictionary then with or without character substitution it’ll be easy to crack.
It’s not. A dictionary has on the order of ≈100,000 (10^5) words in it. Picking five words entirely at random gives you 10^25 combinations, which is about the complexity of 14 alphanumeric characters. So pretty secure.