Originally Posted by RiverOfIce
Using word phrase passwords is not really all that secure. Here is why. If I assume that you are using only English words and you spelled them correctly, I can crack that password in a few minutes.
Take the maximum number of characters allowed by the account. Take the minimum number of characters allowed by the account. For example, it cannot be longer than 16 characters, or shorter than 6. Now you can take the common English dictionary and combine each word that is shorter than 16 characters. You now have limited the possible words to less than 80,000 possible choices. Take all the words shorter than 6 characters and combine them words under 16 characters, you have less than 100,000,000 combos, I am rounding it here, it cannot be less than 171,000 words nor more than 120 million combos.
If you take the fact that you have limited the number of possible words and word orders to less than 100,000,000 combos, your password is broken in less than 10000 seconds. Which means that you have a password that is crackable in less than 27 days. Remove all uncommon words, remove all words that combo does not equal more than 16 and less than 6, you can crack it in less than 12 seconds.
Sorry, it is just not very secure.
The best way to make up passwords is to use a poem.
A Cliff Dwelling - Robert Frost
There sandy seems the golden sky
And golden seems the sandy plain.
No habitation meets the eye
Unless in the horizon rim,
Some halfway up the limestone wall,
That spot of black is not a stain
Or shadow, but a cavern hole,
Where someone used to climb and crawl
To rest from his besetting fears.
I see the callus on his soul
The disappearing last of him
And of his race starvation slim,
Oh years ago - ten thousand years.
TsstgsAgstspNhmte - would take 9 thousand centuries
Anyone can remember a song, poem, or favorite quote. Remember it is very simple and very easy to remember.
Using common words is insanely easy to break with brute force and is trip over easy to crack for rainbow tables. If you use the poem above, unsalted hashed passwords would take decades to crack. Unsalted whole word phrases will go down in minutes.
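Added example, not part of the original post: a keyspace estimator for the comparison made above, counting dictionary-word phrases that fit a length policy and comparing them with a poem-initials password of the same construction as TsstgsAgstspNhmte. The word-length histogram is a constructed sample, the guess rate is the one implied by the post's own figures (100,000,000 combos in 10000 seconds), and all function names are hypothetical.

```python
import math

# Guess rate implied by the post's own figures: 100,000,000 combos in 10,000 seconds.
POST_RATE = 100_000_000 / 10_000

# Constructed sample: word length -> number of dictionary words of that length.
SAMPLE_HIST = {3: 1000, 4: 3000, 5: 6000, 6: 9000, 7: 11000, 8: 12000}

def poem_initials(lines):
    """First letter of every word, keeping the original case."""
    return "".join(word[0] for line in lines for word in line.split())

def count_phrases(length_hist, min_len, max_len, max_words):
    """Count ordered word sequences (no separators) whose total length is
    within [min_len, max_len], using at most max_words words."""
    ways = [1] + [0] * max_len      # ways[n]: sequences totalling n characters
    total = 0
    for _ in range(max_words):
        nxt = [0] * (max_len + 1)
        for n, w in enumerate(ways):
            for word_len, count in length_hist.items():
                if w and n + word_len <= max_len:
                    nxt[n + word_len] += w * count
        ways = nxt
        total += sum(ways[min_len:])
    return total

def letter_keyspace(length, alphabet=52):
    """Upper bound: treats every character as an independent, uniform choice
    from upper- and lower-case letters, which initials of a known text are not."""
    return alphabet ** length

def worst_case_seconds(keyspace, rate=POST_RATE):
    return keyspace / rate

if __name__ == "__main__":
    poem = ["There sandy seems the golden sky",
            "And golden seems the sandy plain.",
            "No habitation meets the eye"]
    acronym = poem_initials(poem)
    phrases = count_phrases(SAMPLE_HIST, 6, 16, 3)
    for label, space in (("word phrases", phrases),
                         (acronym, letter_keyspace(len(acronym)))):
        print(f"{label}: {math.log2(space):.1f} bits, "
              f"{worst_case_seconds(space):.3g} s worst case")
```

Swap SAMPLE_HIST for the length histogram of a real wordlist and the site's own length limits to see how many phrase candidates a given policy actually admits.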