A longer password of repeating characters is more secure than a short complicated password. They are not cracked letter by letter.
I've tried to move many of my passwords to passphrases or use just the first letters of words in a passphrase. Why could you not, for example, just use the letter "w" twenty times? Would this be better than a complicated password of ten letters, numbers and symbols, etc.? I'm assuming the technique used to crack the password cannot tell when each character was correctly chosen. I'm sure though, that I'm oversimplifying this.
In this excerpt from Answercast #100 I look at cracking passwords and why longer is better.
Actually, you're not. It's very interesting. When you've got a choice between making a password longer or making it more complex (in other words, having it be shorter but more complex) length always wins.
So in your particular case, absolutely, a password of twenty "w's" would be much more secure than a ten-character password of random characters. Now, of course, twenty "w's" is a lot easier to remember and maybe somebody shoulder surfing could more easily see what your password was - but in general for the kinds of attacks where passwords get cracked, a longer password always wins.
Now, one of the things that you mentioned actually reminds me of something we see on TV shows all the time.
If you pay attention to some of the technology that's used in police shows or spy thrillers, you'll see that whenever they're trying to crack a password, the letters of the password will suddenly appear one character at a time. It's usually a race in time for that last character to appear and the entire password to get cracked.
You know what? That is not how it works.
You have to get the entire password right at once. There is no way to discover a password character-by-character. So in your case, with your twenty "w's", the fact that the first character is "w" doesn't really give any assistance to a password cracker to have any hope of realizing that, "Oh! The second character is 'w' and the third character is 'w' and all twenty ..."
It doesn't matter. As far as a password cracker is concerned, you've got twenty random characters. In your case, you know that they all just happen to be the letter "w".
So, in general, when it comes down to choosing secure passwords, when it comes down to choosing passwords that you can remember and are still secure, by all means, go for a longer password if the system you're using will allow you to do so.
(Transcript lightly edited for readability.)
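The all-or-nothing check described in the transcript above, as an added example that is not part of the original answer. It assumes the password is stored as a salted PBKDF2-SHA256 hash and that a brute-force search knows only the length and character set (26 lowercase letters versus 95 printable ASCII characters); the function names, salt and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import math

SALT = bytes(16)     # constructed fixed salt so the run is reproducible
ITERATIONS = 1_000   # kept low so the example runs fast; an assumption, not a recommendation


def hash_password(password: str) -> bytes:
    """Salted, iterated hash: what a server stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


def verify(stored: bytes, guess: str) -> bool:
    """The only answer a guess ever gets: whole password right, or not."""
    return hmac.compare_digest(stored, hash_password(guess))


def matching_bits(a: bytes, b: bytes) -> int:
    """Count bit positions where two digests agree (about half, by chance)."""
    return sum(8 - bin(x ^ y).count("1") for x, y in zip(a, b))


def prefix_feedback(password: str, filler: str = "x"):
    """Try guesses with 0..len-1 correct leading characters."""
    stored = hash_password(password)
    rows = []
    for n in range(len(password)):
        guess = password[:n] + filler * (len(password) - n)
        rows.append((n, verify(stored, guess),
                     matching_bits(stored, hash_password(guess))))
    return rows


def search_space_bits(length: int, alphabet_size: int) -> float:
    """log2 of the number of candidates in an exhaustive search."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n, accepted, bits in prefix_feedback("w" * 20):
        print(f"{n:2d} correct leading chars -> accepted={accepted}, "
              f"digest bits in common={bits}/256")
    print("all 20 correct ->", verify(hash_password("w" * 20), "w" * 20))
    print(f"20 lowercase letters: {search_space_bits(20, 26):.1f} bits")
    print(f"10 printable ASCII:   {search_space_bits(10, 95):.1f} bits")
```

Every partially correct guess is rejected, and the number of digest bits in common stays near half of 256 no matter how many leading characters are right, so the checker gives no per-character progress signal.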