Jesper Johansson talks about the difficulty in cracking pass phrases in part 2 of 3 of this series
The Great Debates: Pass Phrases vs. Passwords. http://technet.microsoft.com/en-us/library/cc512613.aspx From: David Lum [mailto:[email protected]] Sent: Thursday, April 15, 2010 4:49 PM To: NT System Admin Issues Subject: RE: please don't change your password! Fortunately I have more than 60 days for each password (errr, passphrase Sherry!). What gets screwy is when I hop from network to network since I don't use the same ones everywhere. My first long passwords were "This password is hard to guess" then changed to "This password is harder to guess", "This password is even harder to guess", LOL. I heard somewhere that dictionary attacks can figure out phrases, anyone able to shed any light on that? I do substitute letters with numbers/symbols on occasion but not everywhere. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Brian Clark [mailto:[email protected]] Sent: Thursday, April 15, 2010 2:09 PM To: NT System Admin Issues Subject: Re: please don't change your password! Funny ones at that! Question is how often do you have to re enter them, as your tying is so good! ;) On 15 April 2010 22:03, Sherry Abercrombie <[email protected]> wrote: Actually, those are considered pass-phrases I do believe. ;) On Thu, Apr 15, 2010 at 3:57 PM, David Lum <[email protected]> wrote: I am very good at long "passwords", and so is anyone that can type using correct punctuation. The biggest hindrance to long password use are systems that limit the length of the password. Examples of complex long passwords include: I would like a beer from the refrigerator. Now. Why don't you close the door ALL the way? You're not wearing that outside, are you? The person watching me can't believe how long this password is. And when it's time to change the long password: I would REALLY like a beer from the refrigerator. Now! Why don't you close the door ALL the way next time? You're not wearing that outside, are you? Seriously? The person watching me really can't believe how long this password is. Etc... I love how big people eyes get when they see my tying in my 27 character Windows password, I HATE the systems that limit me to 15 or less. Dave From: Jon Harris [mailto:[email protected]] Sent: Thursday, April 15, 2010 1:45 PM To: NT System Admin Issues Subject: Re: please don't change your password! Sounds like someone trying to generate reader interest and FUD. A quick search seems he likes controversial subjects/items. Since passwords are the defacto standard for most Internet sites for protection of customers. I see no reason for someone to keep the same password for ever. Unless you are good at generating very long complex passwords. Jon On Thu, Apr 15, 2010 at 4:37 PM, Brian Clark <[email protected]> wrote: After a long week doing a SBS migration I didn't know how to take this article and needed to share it!! http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_no t_change_your_password/?page=1 Brian -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
