In general, the longer the password, and the more random it is, the more secure it is. This is because if a password file is stolen, the passwords are stored there are stored in encrypted format, where each password is encrypted with… itself. This means that in order to determine what an account
‘s password is, an attack must try encrypting every random possible string and see if it matches the encrypted password.
Naturally, this means that all possible 2-character strings can be tried quicker than 3-character strings, and 4 character strings will take even longer. Unfortunately, thanks to Moore’s Law, “longer” means “a few milliseconds”. 8 character passwords are usually the minimum, but by some estimates, even that is not sufficient. To make for an even bigger challenge, us humans tend to have a hard time remembering random letters and numbers. This leads to bad habits such as using the same password on multiple sites, and that can cause its own problems.
Continue reading “Introducing Diceware: Secure Passwords You Can Remember!”