Also see How I Send Login Credentials.
Fastie-Style Passwords
These passwords are randomly generated on Will's Web site and are sent over the Internet.
Because Will's site is protected with SSL, these passwords are protected from prying eyes.
Notes about these passwords:
- Passwords in this list will be no shorter than 14 characters and could be as long as 24.
- The words used in these passwords are taken from a list of 100,000 English words.
- There are 10 trillion pairs of these words.
For the authoritative discussion of how secure a chosen password might be, read about Password Haystacks from Steve Gibson, Gibson Research Corporation. You can safely test a password chosen here on the Haystacks page.
How Good Are Fastie-Style Passwords?
Read the "Haystacks" article I mention above. It's excellent, trustworthy, and you can use the form on the page to test a password.
Let me emphasize something about the "Fastie Style" of passwords. You may think that random strings of characters are stronger, better passwords than the style I favor. And you may think that because my passwords have a pattern, they will be easier to decode.
Here's the thing. The computer program that is trying to discover your password via brute force does not know how you have chosen a password or how long it might be. All it can do is generate random strings of characters and try the password to see if it works. The password Random-Password-99 is just as complicated as the password aJD)ipRm;%d~!QwfyI to the attacking program. Those words mean something to you because they are English, but to the program they are just another random string of characters.
You might ask whether a specific attack designed around my particular style would work. The answer is yes, but it's still a difficult and time-consuming job. Assuming roughly 200,000 English words, the combination of two words results in 40 trillion pairs. Adding punctuation and digits makes it harder.
Of course, I change things up. I don't always put the digits at the end, don't always use two digits, don't always use hyphens as the punctuation, sometimes change spellings to make what look like words but are not in the dictionary, and sometimes use other styles. Thus even a purpose-built attack takes thousands of centuries.
But that's against me, because I've written an article talking about how I choose passwords (I really shouldn't do that). No attacker can tell that you have chosen my style.
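The generation rule from the notes above and the two attacker models discussed here (blind brute force versus an attack built around the pattern), as an added example that is not the site's own generator code. The word list is a constructed sample, the separator set and the names `generate`, `pattern_keyspace` and `blind_keyspace` are assumptions, and the blind count follows the Haystacks convention of counting every string up to the password's length.

```python
import math
import secrets
import string
from collections import Counter

# Constructed sample list; the page's generator draws from 100,000 English words.
WORDS = ["sky", "oak", "random", "harbor", "window", "yellow", "planet", "silver",
         "garden", "kitchen", "thunder", "morning", "bicycle", "password"]
SEPARATORS = "-_.!+"        # assumption: the page does not list its punctuation
MIN_LEN, MAX_LEN = 14, 24   # length bounds from the page's notes
FIXED = 4                   # two separators plus two digits

def generate(words=WORDS, seps=SEPARATORS):
    """Return one Word<sep>Word<sep>NN password drawn with the OS CSPRNG."""
    if pattern_keyspace(words, seps) == 0:
        raise ValueError("no word pair fits the length bounds")
    while True:
        first, second = secrets.choice(words), secrets.choice(words)
        # Reject out-of-range lengths and redraw, so valid pairs stay equally likely.
        if MIN_LEN <= len(first) + len(second) + FIXED <= MAX_LEN:
            sep = secrets.choice(seps)
            digits = f"{secrets.randbelow(100):02d}"
            return sep.join((first.capitalize(), second.capitalize(), digits))

def pattern_keyspace(words=WORDS, seps=SEPARATORS):
    """Candidates for an attacker who knows the pattern, the list and the separators."""
    by_len = Counter(len(w) for w in words)
    pairs = sum(n1 * n2 for l1, n1 in by_len.items() for l2, n2 in by_len.items()
                if MIN_LEN <= l1 + l2 + FIXED <= MAX_LEN)
    return pairs * len(seps) * 100

def blind_keyspace(password):
    """Candidates for a blind search of every string up to this length over the
    character classes present (the counting used by Password Haystacks)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    if any(ch in string.punctuation + " " for ch in password):
        alphabet += 33  # 32 ASCII punctuation marks plus space
    return sum(alphabet ** k for k in range(1, len(password) + 1))

if __name__ == "__main__":
    pw = generate()
    print(pw)
    print(f"pattern-aware search: {math.log2(pattern_keyspace()):.1f} bits")
    print(f"blind search:         {math.log2(blind_keyspace(pw)):.1f} bits")
```

Passing a real word list as `words` gives the pattern-aware figure for that list; the blind figure depends only on the password's length and character classes.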