Before we jump into this topic, see if you can decipher what this comic is telling us.
The joke here is that for all our obsessive mandating that people use a combination of uppercase/lowercase/numbers to increase password strength, we still don’t really accomplish the goal of making passwords harder for bots to guess. In addition to this, passwords with all kinds of funny characters are much more difficult to remember, prompting many users to either write down their passwords, or use a password manager.
This will work, but it’s sort of like hiding the key for your house in the mailbox; it defeats the purpose of having a lock in the first place.
Passwords are broken or “cracked” by bots mainly in one of these two ways:
Brute Force – A program will simply try all combinations, starting with the minimum length and going from there. This is not very effective and tends to not work with passwords 10 characters or longer.
Rainbow Tables – A program will use a very large list of common passwords, compiled through various means, as well as common variations within them (such as adding a piece of punctuation, or subbing a zero for the letter o). This is the most effective means of breaking into accounts.
Most online applications will support the use of a passphrase, although they may still insist you meet the various requirements such as upper/lowercase & numbers within your phrase. This only serves to make your password more difficult to guess.
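The list-based guessing described above can be turned into a signup-time check. The following is an added example, not code from the original article: it rejects candidates that are a listed password or a cheap variation of one, and compares the strength of random passwords with random passphrases. The blocklist, the extra look-alike swaps, the 94-character alphabet and the 7776-word list size are assumptions.

```python
import math
import string

# Constructed sample blocklist; a real check would load a large leaked-password list.
COMMON = {"password", "letmein", "football", "monkey", "dragon",
          "correcthorsebatterystaple"}

# Look-alike swaps: the article's zero-for-o plus a few assumed ones.
SWAPS = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s"})
TRAILING = string.punctuation + string.digits


def variants(candidate: str) -> set[str]:
    """Reduce a candidate to the base words a list-driven guesser would try."""
    lowered = candidate.lower().replace(" ", "")
    stripped = lowered.rstrip(TRAILING)  # drop appended "!", "123", ...
    return {lowered.translate(SWAPS), stripped.translate(SWAPS)}


def is_common_variation(candidate: str) -> bool:
    """True if the candidate is a listed password or a cheap variation of one."""
    return not variants(candidate).isdisjoint(COMMON)


def random_password_bits(length: int, alphabet: int = 94) -> float:
    """Entropy of `length` characters drawn at random from printable ASCII."""
    return length * math.log2(alphabet)


def passphrase_bits(words: int, wordlist: int = 7776) -> float:
    """Entropy of `words` words drawn at random from a list (7776 is assumed)."""
    return words * math.log2(wordlist)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["P@ssw0rd!", "Dragon123", "Correct Horse Battery Staple",
               "violet anchor drifts quietly"]:
        print(f"{pw!r}: reject={is_common_variation(pw)}")
    print(f"10 random chars: {random_password_bits(10):.1f} bits")
    print(f"6 random words:  {passphrase_bits(6):.1f} bits")
```

The bit counts only hold when the characters or words are chosen at random; a phrase a person picks, or one that is already famous, is far weaker than the formula suggests.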
At some point in the future there will be better means of authentication, but for the time being, the humble password isn’t going anywhere.
At Navigator Multimedia Inc., as a Kelowna website hosting provider, we recommend the use of passphrases, as they are more secure and easier to remember.
Just don’t use “Correct Horse Battery Staple” – that one is taken.