Well... I got hacked.

[PowerFullMac]

While not bad, this password system not as secure as you think that it might be. It can be hacked given time and resources since a dictionary type attack could be used.

Throw in a few numbers and punctuation if you want a much more secure password.

Well I would have thought a brute force hacking program would take forever to crack a sentence... I will put commas and full stops in next time, I will make a whole paragraph! Nothing will crack that!

 

[sushi]

Well I would have thought a brute force hacking program would take forever to crack a sentence... I will put commas and full stops in next time, I will make a whole paragraph! Nothing will crack that!

Your concept is good since it is long and mixes spaces with words where some are capitalized and others are not. However, if your words are all available in a dictionary, then it is possible to use a dictionary attack.

All you need to do, is add a few numbers and one punctuation mark in there and it will be much harder in orders of magnitude to crack.

On a slightly different topic, one issue today, is that some sites have min-max password length constraints. So lets say you have a favorite password system that you use that generates 20 character (letters, numbers and punctuation) passwords for you. Then you go to a site that only accepts 12 character passwords, or one that can take 20 characters but no punctuation.

So you basically need a couple of password generating systems today...unfortunately.

 

[SuperCompu2]

A nice password combining a bunch of different deterrents was actually easy to remember back when I used it (now retired, i told someone it who could have potentially exploited it)

PowerMacG3

Caps, numbers, and an easy to remember password. Nice length too.

Plus, if you really wanted something no one would guess..

PowerBookG5

haha

 

[neiltc13]

Bummer dude. You should look into 1password for password management. Then you could have complex passwords for all your services and you would only need to remember one

How does 1password cope if I want to log in to my email account on a computer which doesn't have the software?

 

[JNB]

How does 1password cope if I want to log in to my email account on a computer which doesn't have the software?

It doesn't. 1Password is an application, not a web service. You'll have to remember that on your own.

 

[neiltc13]

Seems like a pretty stupid service if you can only log in to your webmail etc. from the computer on which you have 1password.

 

[JNB]

Seems like a pretty stupid service if you can only log in to your webmail etc. from the computer on which you have 1password.

That's the whole point: it is not a service. It is a standalone application, always has been, and has never been positioned as anything but.

Now, as far as a web service that will store all your passwords, account numbers, etc., who exactly do you trust with that info?