The most dangerous break-ins are those where some cyber criminal is able to get the master password file for thousands of users! Or get a DB with credit card numbers. A huge amount of effort should be focused on that.

Cracking an single individual's password, one at a time is normally not an effective strategy for a criminal who is interested in huge financial gain. As we've seen targeting specific individuals (like celebrities) can have significant payback to get that one single account. But that is not, for a website as a whole, the most dangerous thing.

Update: When you get into "passphrases" instead of passwords, like: "MyMomHatedthe'57chevy", showing the printed text on the screen isn't that bad (might be hard for you as the account holder to get it right). This passphrase is very difficult to crack if you only have the encrypted version and are using brute force. If you have a short password and I'm looking at what you type (normal folks don't type that fast), I can know enough to "fill in the blanks" that I don't know by experimentation. I turn around and look the other way when one of my clients has to type an important password.

In reply to Re: Password strength calculation by Marshall
in thread Password strength calculation by cavac

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.