Password Complexity, Good or bad?

BRRABill

@scottalanmiller said:

Remember that password complexity is a myth. It's complex to a human but the computer cannot tell. p@55w0rd and password are exactly the same to a computer - they are both easily guessable eight character passwords.

Is that true? Doesn't adding character sets make it harder to guess? Human interaction aside? I am just saying aaaaaaaa versus something random with punctuation would take longer to crack. Are you saying that is not the case?

travisdh1

@BRRABill said:

@scottalanmiller said:

Remember that password complexity is a myth. It's complex to a human but the computer cannot tell. p@55w0rd and password are exactly the same to a computer - they are both easily guessable eight character passwords.

Is that true? Doesn't adding character sets make it harder to guess? Human interaction aside? I am just saying aaaaaaaa versus something random with punctuation would take longer to crack. Are you saying that is not the case?

Length matters, everything else is a flying spaghetti monster. If you really want to know why, you've got a LOT of reading to do, and probably more math than you've ever wanted to understand, let alone do.

brianlittlejohn

No matter what they say... length matters

travisdh1

@brianlittlejohn said:

No matter what they say... length matters

Yes, I purposely went there. I'm heading home now, latter

BRRABill

@travisdh1 said:

Length matters, everything else is a flying spaghetti monster. If you really want to know why, you've got a LOT of reading to do, and probably more math than you've ever wanted to understand, let alone do.

I also agree with that.

I am just saying isn't

thisisalongpassword

weaker than

thisisa@longpassword

Dashrender

@BRRABill said:

@travisdh1 said:

Length matters, everything else is a flying spaghetti monster. If you really want to know why, you've got a LOT of reading to do, and probably more math than you've ever wanted to understand, let alone do.

I also agree with that.

I am just saying isn't

thisisalongpassword

weaker than

thisisa@longpassword

Yes, of course it is. but thisisalongpassword is way better than P@ssw0rd

BRRABill

@Dashrender said:

Yes, of course it is. but thisisalongpassword is way better than P@ssw0rd

I originally was questioning @scottalanmiller that

password
and
P@ssw0rd

are the same to a computer.

Not arguing anything here. Agree with it all.

Dashrender

@Dashrender said:

thisisalongpassword

according to howsecureismypassword.com

thisisalongpassword

and P@ssw0rd

Dashrender

@BRRABill said:

@Dashrender said:

Yes, of course it is. but thisisalongpassword is way better than P@ssw0rd

I originally was questioning @scottalanmiller that

password
and
P@ssw0rd

are the same to a computer.

Not arguing anything here. Agree with it all.

He was over simplifying it, sure. But both would be in a pre defined dictionary which would take seconds to crack so he does have that on his side.

Deleted74295

http://howsecureismypassword.com/

Appears to be offline

BRRABill

@Breffni-Potter said:

http://howsecureismypassword.com/

Appears to be offline

.NET

BRRABill

thisisalongpassword = 607 million years

thisisalongpasswor@ = 3 trillion years

Dashrender

@BRRABill said:

@Breffni-Potter said:

http://howsecureismypassword.com/

Appears to be offline

.NET

whoops

https://howsecureismypassword.net/

BRRABill

@Dashrender said:

whoops

https://howsecureismypassword.net/

At least it wasn't a porn site.

Dashrender

@BRRABill said:

thisisalongpassword = 607 million years

thisisalongpasswor@ = 3 trillion years

Is there a real difference? A meaningful difference?

Dashrender

@BRRABill said:

@Dashrender said:

whoops

https://howsecureismypassword.net/

At least it wasn't a porn site.

Why?

BRRABill

@Dashrender said:

Is there a real difference? A meaningful difference?

Yes.

I plan to live between those two numbers, so I need the stronger password.

Dashrender

@BRRABill said:

@Dashrender said:

Is there a real difference? A meaningful difference?

Yes.

I plan to live between those two numbers, so I need the stronger password.

Just change it at least once between now and then and you should be fine.

BRRABill

@Dashrender said:

Is there a real difference? A meaningful difference?

My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

BRRABill

@Dashrender said:

Just change it at least once between now and then and you should be fine.

I was planning to just add another @ sign but apparently that is a no-no.