The science behind hacking passwords has evolved much faster than the passwords themselves. While many websites and programs set limits on password-attempts that make brute-force attacks impossible, there are plenty of sites that do not. With many people using the same password for multiple sites and profiles, they don’t necessarily have to hack everything. They just need to find the weakest link.
The cartoon above by XKCD brilliantly and simply explains why long passwords with common random words are much more effective than the standard 1 capital letter, 1 number, 1 symbol, 8-12 character-long password. Below, we take a look at the most common passwords used. Moral of the story – don’t be dumb but don’t outsmart yourself.
Click to either the cartoon or the infographic to enlarge.
Funny that the XKCD Comic and the ZoneAlarm Infographic actually contradict each other. Personally, and as strange as it may seem, I trust the XKCD Comic’s message more than the ZoneAlarm Infographic. The Infographic mentions the dangers of short and common passwords, but in the end it’s conclusion is to generate some kind of obtuse cruft which the XKCD Comic shows is pretty insecure anyway. From now on I can tell you, I will be using, designing for, and encouraging the use of passphrases over passwords anyday. And I will also be retiring the old requirements for passwords to be a combination of uppercase, lowercase, digits and punctuation – it’s really quite an outdated practice which does nothing but provide a false sense of security (at the cost of memorability).