>If I have a very secure password, and a very very secure password, aren't they both pretty secure? What is the point of this thread
Hudson Diaz
>Amount of numbers: 10 (including 0) >Number of letters, numbers, and symbols: 26 letters, 10 numbers, I don't know how many symbols but more than 10
How many people do you think would win the lotto if you only had 25 numbers and had to pick 6 of them? Now how many do you think would win if they had to pick 6 from 10,000 numbers?
Ethan Barnes
A brute force attack wouldn't know in advance what the password is, so wouldn't it be brute-forcing through letters+characters+symbols anyway? It'll still go through way, way, way more than 10^20 permutations, taking decades or centuries before it finds the actual 20-digit number password.
Asher Russell
Here's a better question: once you get to an arbitrary length, does it matter? Someone that is trying to crack your password wouldn't know beforehand that its all numbers so they would still be trying to crack with all symbols and letters.
Chase Miller
When you evaluate the safety provided by a password generation scheme, it's standard practice to assume that an attacker knows what the scheme is, just not the exact password produced.
Hunter White
That's unrealistic, in what real scenario would the attacker know the scheme?
Sebastian Miller
Maybe if you recently posted it on Any Forums
Ian Martinez
here is your secure password: ඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞ
Angel Evans
>A brute force attack wouldn't know in advance what the password is, so wouldn't it be brute-forcing through letters+characters+symbols anyway? They could check the numbers first since they are much less space and then do the alphanumericals next.
The effort it takes to go through all numbers is 0.0000000000000000028% of the effort it takes to go through the alphanumericals.
Ian Ramirez
>512 letter password with different languages and random symbols >check the "remember me" box >no one can ever crack my password what now hackers
You reuse this password on all the websites. One get hacked and it is found that it literally stores passwords in plaintext. You get hacked.
Many such cases.
Best practice, use password managers or go for longer alpha-numericals vs symbols. They are easier to remember and increase chance of uniqueness (not reusing). Also 16 letter long alpha-num is as strong as 12 letter with symbols (unless you use symbols not readily available on your keyboard which is highly unpractical).
Colton Anderson
>reusing the password >implying every password isnt different 512 random inputs of pure gibberish
Samuel Fisher
I use always the same random password for most sites Important ones are picked out of a book >index card with website and a page number next to it >in the page number there is a word underlined >password for that site is page number plus password >paypal 55 becomes “55ideology,”
Jackson Fisher
Brute force attacks arent purely brute force and exhaust dictionary words and pure numbers before moving onto permutations then strong password conditions.
Luis Wood
>Someone that is trying to crack your password wouldn't know beforehand that its all numbers
No, but if using all numbers is a common thing people do crackers will try it. Especially if you always use only numbers and one of your (all numbers) passwords got compromised one day, your username combined with all numbers could become a thing they'll try.
Zachary Carter
Are there any symbols that are not used in many brute force methods? Some unicode symbol maybe? Space?
Robert Sanchez
>55ideology, Single dictionary word surrounded by 3 random characters. That's a piss poor password.
Ayden Ortiz
>piss poor password Compared to what?
Jason Diaz
If you think a human is guessing your password, you’re a dumbfuck. Any obfuscating you do irl is worthless
Jason Cox
A true "brute force" would try all possible characters in all possible combinations. That's the very definition of "brute force".
Smarter crackers will avoid uncommon characters, either completely or just giving them a lower probability. But once people start using, say, spaces or Chinese characters then crackers will adjust their scrips accordingly.
Ryan Hernandez
Nobody is looking for YOUR password, they're looking for ANY passwords. They'll take a DB dump and crack as many passwords as they can using common dictionaries and generators that will hit the low-hanging fruit. All-digit passwords are most certainly among the things that they will try, though whether or not they'll go to a length of 20 is anyone's guess. The point is that they'll try cracking passwords with reduced keyspaces first. You want to try and have a password whose keyspace is beyond the point at which crackers will be happy with what they have and give up on the rest.
Sebastian Cooper
A short, completely random password like "4nK9d" My password is only half the length of yours but much harder to crack.
Levi Nelson
Assuming identical entropy it doesn't matter if you use a larger character set or more characters.
I prefer a reduced character set that doesn't contain hard to distinguish characters like "l" and "I", or "O" and "0". Which makes them MUCH easier to type over from a password manager so I can use longer passwords before it becomes annoying.