I recommend passwords that are 8-12 characters, easy for you to remember, hard for others to guess, and have a nice mix of upper, lower, numbers, and punctuation.
Thanks for your input!
I have been using LastPass of late to generate and store passcodes, using whatever maximum character allowance is provided by the site (for email, that is). Before using LP I was doing it on my own by taking a sentence, quote, song line, etc., taking the first letter of each word in it, and transforming it into something of passcode quality. Use symbols for look-alike letters and some words ($ = s; @ = a; + = t; & = and; # = the, etc.), then change remaining letters to numbers, capitalize verbs, don't use any symbol more than twice, and so forth.
So, for one account I no longer have I took the first line from The Brady Bunch theme:
Here's the story of a lovely lady Who was bringing up three very lovely girls. All of them had hair of gold, like their mother, The youngest one in curls.
So,
h t s o a l l w w b u t v l g a o t h h o g l t m t y o i c became the passcode
h#$0@llwWBU3vlg@0+Hh0gl+m#y01c
A 30-character passcode that was very strong, yet easy to remember and reproduce.
In that thread you (Ray) said:
The stronger the password the longer it takes to crack it. A strong password, combined with regular password changes, significantly reduces the chance that it can be cracked by a determined person with reasonable resources before your next scheduled password change.
Ah, so it is better to have a longer passcode (more than 12) if one is able to manage to remember it and keep it private. And thanks for the example you gave in that thread of the time it would take to break a 10-character passcode. That's the kind of thing I was trying to say that I had read about before.
Re: Passcode changes: I've always been curious about this. I'm not sure why it's the norm for so many password discussions and how-to pages to suggest frequent changes.
If a passcode has been 'working,' and an email account has been so far unpenetrated, why change the passcode? How exactly does that keep the hackers at bay? It sounds (to my very ignorant, amateurish mind) like saying "change the locks on your doors several times per year." We would only change our locks if/when we suspect that someone else has a key (stolen or homemade).
In the case of an email account, someone would either already have the key (i.e. know our passcode) or would be trying to get it. But the example you gave would suggest that it would take soooo long to crack a long 30-character passcode that I don't understand what changing it would do. How can a hacker know that they have part of one's passcode cracked?
There was a time that having a multiple of 7 was best for Windows domain based passwords. A password length of 7 or 14 was better than 8 or 12 I think due to the way that Windows encrypted the passwords. That may or may not still be true for Windows domain passwords.
Interesting! I'll try to research this a bit (just to satisfy my curiosity).
Thanks again for the information!!
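The "multiple of 7" remark quoted above matches how the legacy LAN Manager (LM) hash treated passwords: uppercased, padded to 14 characters, and split into two 7-character halves that are hashed independently. The sketch below is an added example, not from the thread; it models only the split (no DES step), and the 69-symbol alphabet, the ASCII-only handling, and the sample passwords are assumptions made for illustration.

```python
LM_MAX = 14    # LM covers at most 14 characters
LM_HALF = 7    # each 7-character half is hashed on its own
ALPHABET = 69  # assumption: 95 printable ASCII minus 26 lowercase (LM uppercases)


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes separately, or None if too long."""
    if len(password) > LM_MAX:
        return None  # longer than 14 characters: no usable LM hash exists
    # Simplification: ASCII only (real LM uses the system OEM code page).
    padded = password.upper().encode("ascii").ljust(LM_MAX, b"\x00")
    return padded[:LM_HALF], padded[LM_HALF:]


def lm_guesses(password):
    """Worst-case guesses when each half is searched independently."""
    halves = lm_halves(password)
    if halves is None:
        return None
    total = 0
    for half in halves:
        used = len(half.rstrip(b"\x00"))  # characters actually in this half
        if used:
            total += ALPHABET ** used
    return total


def report(password):
    """One summary line: length, the two halves, and the guess count."""
    halves = lm_halves(password)
    if halves is None:
        return f"{len(password):2d} chars: not representable as an LM hash"
    return f"{len(password):2d} chars: halves={halves} guesses={lm_guesses(password):,}"


if __name__ == "__main__":
    # Constructed sample passwords, plus the 30-character passcode from the post.
    for pw in ["Summer7", "Summer78", "Summer78!Rain", "Summer78!Rain$",
               "h#$0@llwWBU3vlg@0+Hh0gl+m#y01c"]:
        print(report(pw))
```

Under this model an 8th character adds only 69 guesses on top of a 7-character password, because it sits alone in the second half, and the 30-character passcode falls outside LM entirely.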