Out-of-date password requirements were eight characters of upper and lower-case letters, numerals, and symbols
such as – or _. The resultant typically is exactly eight characters, beginning
with an upper-case character, and ending with a symbol or the numeral “1”.
Invariably, it is a recognizable name easily associated with the user’s
environment (child or pet). I knew of a college that permitted a max
of nine characters of either number and lower-case letters, only.
Requirements to periodically change password usually causes one to change the last character being changed, IE, “1” is “7”, “!” is “.”, etc. Miscreants are aware of the gambits. Additionally, they know who enforces periodic password
changes; the Social Security Administration once did require a change every six months. That is no longer true.
Hackers have gillions of stolen
passwords and incorporate them in password-cracking software programs. They
also have massive computing power that can try billions of passwords per hour. Most of which are cracked within fractions of a second.
Simply, more than twenty years of
training taught us to create passwords that are difficult to remember, but easy
for computers to crack.
Password generators produce longer, random-character passwords. Password managers are often employed to keep track of them
and associate the credentials to the site for which they apply.
Online Password Managers have been
breached, proving that it remains a secret only if you personally retain it, yourself.
Password Safe is my personal choice for
managing my 287 accounts credentials record.
Unfortunately, some websites thwart
password managers from automatically entering the credentials with a two-screen
entry method or blocking the auto-fill process. Along came Chromium based
What I know is that “longer is stronger”
and thirty-eight plus characters total is the magic number for not cracking passwords with the
current technology criminals use. That may change but the time
required to hack even 20-character passwords will require more time than the
system is willing to spend. My passwords go on for more than 18 characters and I avoid repeating characters. It's as simple as that. Further, for those sites that permit spaces, I create pass phrases such as, "The longer a memorized secret is - the stronger it is"