Many systems rely on simple passwords for protection, which is not ideal since they can often be easily compromised, reused, or exploited by attackers. This section will examine various password-related attacks and defenses.
What makes a password strong? Is it its complexity, length, or the inclusion of special characters?
The comic by xkcd effectively illustrates how passwords can be compromised. Take a moment to review it, and then we can discuss further.
Note: Entropy refers to unpredictability; higher entropy means a password is more difficult to crack using standard methods. |
Comic from XKCD: https://xkcd.com/936/
The password Tr0ub4dor&3 adheres to many password policy requirements, including a mix of uppercase letters, numbers, special characters, and an 11-character length. However, it has several drawbacks:
In contrast, the password CorrectHorseBatteryStaple demonstrates significant improvements:
This type of password is known as a passphrase and is generally a better practice than a complex single word. To enhance its strength further while complying with password policy rules, consider adding special characters and capital letters. Additionally, using spaces in passphrases makes them more natural to type.