Let's start off with...
TLDR version: Read it, lazy ass.. it may save you one day. A lot has changed the past few years, trust me, what you do or are used to doing probably is wrong...
So the reason I am posting this is probably 99% of the users on this forum (I am sure there may be one or two of you who are in the loop and don't fail lol), as well as other locations, e-mail, banking and whatnot, are probably in violation of password rules, and what's even worse, people use the same passwords everywhere..
A little known fact is how passwords are actually cracked now compared to how they were when password rules and suggestions were slammed into everyone's minds
If someone was to gain access to a database.. which would not be very difficult on practically any site especially forums and the like not owned by big box corporations and even those sometimes.. without having someone who checks their security constantly and suggests/applies fixes.. they could very easily and with no trouble have your password in under a second once they gain access to the database.. even if the password is hashed (to keep it simple for everyone hashed basically means encrypted)
What used to be the case with passwords
Complex passwords with symbols and upper/lower case
example: 1!tz%FlWr!
now there are a couple of things about this.. 1 it is hella hard to remember which is stupid and two it can be cracked in about .08 seconds.. I promise
^^ This is a no no.. you don't do this anymore..
So I am sure you are asking.. what do we do now Drath.. I thought these were safe and secure passwords.. well I can tell you with 100% certainty this or any other variation of this is not a secure password any longer
So let's move on..
What is now the case..
What we security professionals now suggest is that you use what we call a passphrase..
Example: thisismyiplaycodlogin : obviously don't use my examples on this site lol.. this is just that an example...
or
Example: thereddogisbetterthanthebluedog is another example
The reason we are now suggesting the move to passphrases is any password of any combination of letters, symbols, upper/lower case under 14 characters can be cracked in under 5 seconds without fail..
this will not be the case forever.. approximately every 3-5 years we add another number to the length of passwords we can crack so easily... I would estimate in the next year 2012/2013 this number will become under 15 chars..
so rule of thumb: make your passwords very long and EASY to remember but not easy to guess (i.e. don't use the names of your family members)
The Issues with passphrases on websites
Some websites actually have a maximum character length (IPC does not) for those just make them as long as possible.. and send a suggestion to have them increase the password length requirements so you may use a more secure passphrase..
Some websites require the use of special chars, upper/lower case, numerical combinations
so in my second example you could just do this
Example: 1Reddogisbetterthan2bluedogs!
@NuckFuggets if I may make a suggestion, remove the no minimum password length and force password changes upon next login (at least for mods/admins).. Please PM me if you would like me to explain my request..
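The rules in the post above, written as a check a site could run when a password is set. This is an added example, not part of the original post or of the forum's software; the function name, the 15-character minimum, the `personal_terms` input and the low-variety rule are assumptions made for illustration.

```python
import unicodedata

# Assumption: the post says anything under 14 characters falls quickly and
# expects that figure to reach 15, so require at least 15 here.
MIN_LENGTH = 15

# The examples printed in the post itself; a phrase published on a public
# page is guessable no matter how long it is.
PUBLISHED_EXAMPLES = {
    "1!tz%flwr!",
    "thisismyiplaycodlogin",
    "thereddogisbetterthanthebluedog",
    "1reddogisbetterthan2bluedogs!",
}


def _norm(text):
    """Fold case and Unicode width so comparisons ignore cosmetic variants."""
    return unicodedata.normalize("NFKC", text).casefold()


def check_passphrase(candidate, username, personal_terms=(), site_max_length=None):
    """Return a list of problem codes; an empty list means the phrase passes.

    No composition rule (symbols, digits, mixed case) is enforced and no
    upper length limit is applied unless the site declares one.
    """
    problems = []
    norm = _norm(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if site_max_length is not None and len(candidate) > site_max_length:
        problems.append("exceeds_site_max")
    if norm in PUBLISHED_EXAMPLES:
        problems.append("published_example")
    # Easy-to-guess content: the account name or names the user supplied
    # (family members, pets). Very short terms are skipped to avoid noise.
    for term in (username, *personal_terms):
        folded = _norm(term)
        if len(folded) >= 3 and folded in norm:
            problems.append("contains_personal_term")
            break
    # Assumption: a long run of the same few characters is long but guessable.
    if len(set(norm)) < 5:
        problems.append("low_variety")
    return problems
```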