
Re: Have I been hacked?



Gene Heskett wrote:
> 10 characters is entirely within the realm of being solved by john in a 
> surprisingly short time.

In order to use john you will need to be running an offline attack
against an already exposed account database.  It doesn't work as an
online attack.

> But every character you add makes its job around 62 more times as
> difficult.  ANY password I am forced to use online, has an automatic
> minimum by my own rules of 18 chars, and if it's acceptable on the
> other end, may be 23 or 24.

I use a unique password on every site.  I never reuse passwords.  If a
site is cracked open and the account data exposed so that someone can
run an offline attack against the password database then it only
affects that site and not others.

> Please be aware that your banking site may appear to accept a 24 char 
> password, but they will silently clip off the surplus above 12 or so.

I will shame Schwab again for silently truncating to 8 characters.

Bob
