Are passwords like this actually that strong? Wouldn't it

Passwords like this are stronger against prying eyes, which is what will affect most common users (if they don't just flat out give their password away via a keylogger, etc.)

Long passwords (like talked about on le ebin xkcd comic) are THEORETICALLY better against bruteforcing, because of how dictionary attacks work. However, when you use a string of real words together, it is much easier to follow the keystrokes used and guess the password manually.

As for me, I prefer the first option, along with a healthy dose of "not being retarded enough to type my passwords on a device that isn't secure".

>>55797865
Yes, they're strong.

It would be easier to bruteforce if the attacker knew your password length, but why would they? 15 char passwords are too difficult to bruteforce anyway

File: 1468624538205.jpg (37KB, 460x463px) Image search: [Google]

37KB, 460x463px

What do you mean already know what characters to look for?
Passwords like this are basically unbreakable, it's obscure - doesn't contain real words, has uppercase,lowercase,symbols and numbers and is very long. Pretty much impossible to break this password without a super computer. My longest password that I can remember is 25 characters long, purely by length this password is insanely strong

>>55797865
>Are passwords like this actually that strong?
it really depends on a lot of other factors, like whether you're storing that password somewhere, using the same one in multiple places, etc...
>Wouldn't it be easier for someone to bruteforce them since they already know what characters to look for
how would they know to look for these characters?
>or what the password's length is if you use the longest acceptable one?
if you know the length of the password it diminishes the complexity significantly, but nobody ever said that you need to signal to attackers the correct length or any other constraints. the site/system in question will impose maximum limits (generally) and attackers have to try everything under that curve to brute force it.

the best password is not found in a dictionary, is unique (ie not shared across services), and is not written anywhere. the people that store their passwords in password managers boggle my mind; we've seen tons of issues with password managers in the past few weeks, but this is hardly the first time issues like this have come up.

come up with a simple heuristic to generate a password in your head by using a phrase. like take the first and last characters of every word in the phrase "My password for Gmail is this stupid shit." => "MypdfrGlistssdst."
Add date modifiers if you want (e.g. "My Gmail password for Summer 2016 is this long ass shit." => "MyGlpdfrSr26istslgasst.")

it honestly isn't that hard. choose a simple phrase and use a heuristic that's easy to work out in your head (don't do anything obnoxious like character-shifting unless you're a total nut).

>>55797865
>what characters to look for
You mean all of them? Passwords like those use uppercase, lowercase, numbers, and symbols. Even if you eliminate combinations that don't use all four of those categories, you still have an astronomical amount of possible guesses.

>>55797940

But that's a "trapdoor function" of generating passwords..

It's easy to create passwords like that. but will you remeber the original sentence?

Was it "My password for Gmail in Summer 2016 is this long ass shit" ..?
Or "My Gmail password for Summer 2016 is as long as this shit" ..?
Or "My Gmail password for Summer '16 is this long ass shit." ???


It's not that simple.

>>55798114
Not him, but just pick a song lyric and do a similar thing. That should be trivial to remember.

File: fugashi.png (705KB, 680x768px) Image search: [Google]

705KB, 680x768px

>>55797865
Passwords like in the OP pic are retarded, just use common words like nuttednannybuttblaster or cumbucketexpress.

File: TSUCHI FUCKING MIKADO.png (1MB, 776x1501px) Image search: [Google]

1MB, 776x1501px

>>55798258
Mine go like this
>martial art plus the name of an anime characters from the last season

pretty fucking secure tbqh.

>>55797865
https://www.youtube.com/watch?v=7U-RbOKanYs
https://www.youtube.com/watch?v=3NjQ9b3pgIg

That should clear things up a little.

>>55798258

>just use common words like nuttednannybuttblaster or cumbucketexpress

But those are not very safe..

Say I get somehow access (by SQL injection) to the list of the password hashes.

Let's assume you don't have salt or pepper.

Since I hate waiting I already prepared a rainbow table including all possible combination of 4 words of a small langauge subset - leetspeack, common words that stuff:


I'd get your password in a few seconds, just because you didn't want to use alphanumeric characters or combinations that I couldn't (theoretically) guess.

>>55798413
Which is why you use a password mananger and let it generate them for you while you use something like one of those for your master password.

To be an ass, just insert an an odd symbol in the middle of one or more of the words that are NOT a substitution.

Bruteforce that.

>>55798413
>I already prepared a rainbow table including all possible combination of 4 words of a small langauge subset
Good luck with that lol