I just read an interesting blog post over on http://www.baekdal.com/tips/password-security-usability which makes a good case for not using random letters, numbers, case and special characters… The writer claims the password “this is fun” would take about 2500 years to hack.
Most business security policies require passwords of at least 8 characters with upper and lower case, numbers and special characters, and on top of that they require you to change your password every so many days. Yes, very annoying, and people find not-so-creative ways to circumvent the forced changes. For instance, if your password is “Fubar#70”, when prompted to change it you may enter “Fubar#71” the next time, and just keep incrementing it. That defeats the point of the rotation: anyone who learns one of your old passwords can guess the current one in a handful of tries.
But if this person is right, and an 11-character, all-lower-case password (spaces included) would take hundreds of years to brute-force, then maybe businesses should rethink their password policies? One caveat before you do: that kind of estimate assumes the attacker tries every combination of letters and spaces. A phrase made of three everyday words is also reachable by a word-list attack that tries combinations of dictionary words, so the headline number only holds if the words are not the ones an attacker would try first.
Against brute force, three simple words like “pass the gravy” (14 characters) beat “Fubar#70” (8 characters) by a wide margin. In fact, go to this URL and give it a try… http://howsecureismypassword.net/ Bear in mind that a checker like that estimates cracking time from length and character set alone; it cannot tell whether your words are sitting on an attacker's word list.
For the record, all my passwords are “p455w0rd” because I know nobody will ever guess that.