
Who actually started the reign of mixed character passwords? Because seriously, it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain upper/lower case letters, numeric characters and symbols without considering the average user with a low memory threshold (i.e. me).

Let's push the complaint aside and return to the actual reason a complex password is required.

As we already know, passwords are made complex so they can't be easily guessed by the password crackers used by hackers, and the primary reason behind adding symbols and numbers to a password is simply to widen the range of possible guesses.

Now let's take a look at the logic behind a password cracker.

To hack a password:
1) The password cracker will usually look up a dictionary of passwords (this step is essential for any possible outcome).
2) It attempts to log in multiple times with the list of passwords found (in most cases successful entries are found for passwords shorter than 8 chars).
3) If none was successful by the end of the dictionary, the cracker reformulates each password in the dictionary to match the popular standards of most websites (i.e. first letter uppercase, a number at the end followed by a symbol. Thanks to those websites!).
4) If any password was successful, the cracker adds it to a new dictionary called a "pattern builder list" (this gives the cracker an upper edge on that specific platform, because most websites force a specific password pattern anyway).

In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts

Why?
Because the former is short and follows a popular pattern.

In reality, password crackers don't specifically care about the Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and previously used entries (either from keyloggers or from previously hacked passwords).

So requesting a humanly complex password is totally unnecessary, because it's a bot that is being dealt with, not another human.

My devRant password is a short story of *how I met my first girlfriend*. Good luck to a password cracker!

Comments
  • 5
    I get pissed if I can't have at least a 40 character password. I don't know any of them. They all reside on encrypted, triple redundant stores. The only key I know is the 30 character master encryption key.
  • 5
    I use 20 character random passwords, and a different one for each website. How do I remember them? I don't, I let the browser do this work.
  • 3
    It's not even about the password cracker. That's where we are making things complex for no reason.

    It's about math:
    If the character set is for example [a-c] (a,b,c)
    You can make this 4 letter password:
    aaaa
    or
    cbaa

    To calculate all possibilities you do:
    size_of_character_set raised to length_of_password
    That is: 3^4 = 81
    If you add two new characters like "d" and "e" it will be: 5^4 = 625
    But if you increase the length by two instead it will be: 3^6 = 729

    See the difference? By increasing the length you get more password possibilities than by increasing the characters you have to choose from.

    TL;DR: ask users to make long passwords instead of complex ones. (minimum 8? Maybe 10? 🤔)

    (I wrote this on my phone sorry if there's errors)
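The keyspace arithmetic from this comment, worked through in code as an added example (not the commenter's own): it reproduces the 3^4 / 5^4 / 3^6 comparison and then applies the same formula to the two passwords from the original post, assuming 26 for a lowercase-only character set and 94 for all printable ASCII (both sizes are assumptions, not from the thread).

```python
import math


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols drawn from a set of `charset_size`."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Same quantity expressed as bits: length * log2(charset_size)."""
    return length * math.log2(charset_size)


def length_needed(charset_size: int, target_bits: float) -> int:
    """Smallest length at which `charset_size` symbols reach `target_bits` of brute-force entropy."""
    return math.ceil(target_bits / math.log2(charset_size))


def years_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password at a given (assumed) guess rate."""
    return keyspace(charset_size, length) / guesses_per_second / (365 * 24 * 3600)


# The commenter's toy numbers: [a-c] vs [a-e], length 4 vs length 6.
LOWERCASE = 26          # assumed: a-z
PRINTABLE_ASCII = 94    # assumed: every printable ASCII symbol, space excluded

if __name__ == "__main__":
    print("3^4 =", keyspace(3, 4), " 5^4 =", keyspace(5, 4), " 3^6 =", keyspace(3, 6))

    # The two passwords compared in the original post, treated as uniformly random
    # strings (a best case for the short one, since it actually follows a dictionary pattern).
    short_mixed = entropy_bits(PRINTABLE_ASCII, len("Mygirlfriend98##"))
    long_lower = entropy_bits(LOWERCASE, len("iloveburberryihatepeanuts"))
    print(f"16 chars, full charset : {short_mixed:.1f} bits")
    print(f"25 chars, lowercase only: {long_lower:.1f} bits")
    print("lowercase length that matches the 16-char mixed password:",
          length_needed(LOWERCASE, short_mixed))

    # Assumed attacker speed of 1e10 guesses/s (constructed figure for illustration only).
    for name, cs, n in (("16 mixed", PRINTABLE_ASCII, 16), ("25 lower", LOWERCASE, 25)):
        print(f"{name}: {years_to_exhaust(cs, n, 1e10):.3g} years to exhaust")
```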
  • 1
    A password resembling actual passwords I usually use:

    ÷¥Ö0ì´¨&Ü7±ÕïK/QùcnrN8¢P%_¦ê¸àüËoc×ëvÍZ+#GjXÌvÆѹÇNÏíU=ÒF]ÊÞgç'¡_"à?ýuSÄdìÛ>±(Qgh@äæY÷ýÓu9Ë}È;;âö>POÒÌ8¡fü¾Å#¬W²{æ($][l*'(O/yª+´

    So long AND complex.
  • 0
    Imho just use very long passwords to inflate bit entropy. Even a standard/silly phrase with some mixed numbers/capitalized letters. Just avoid trivial substitution.

    E.g. ihadagreatdaybecausemycodecompiledreallYfasT
  • 0
    @molaram I'm using KeePass for storing and LessPass for generating passwords on two computers and a smartphone. They work well.