Alright, let's go down the rabbit hole a little deeper and hopefully give you things to think about. <br><br>The word chosen as the basis for the complex password was something uncommon. This is to deter easy brute force attempts and may have had some meaning to the user. After that has been established a common letter-number substitution is used. Finally at the end of the password is a common set of punctuation and a number. There is a formulated pattern to this password. Now cracking it becomes that much easier. We look for uncommon words in the speakers native language with at least 6 characters. We run it through a simple substitution algorithm and append a set of punctuation and numerals to the end. <br>
<br>Entropy in cryptography is the amount of information that is unknown and must be guessed. Most corporate password standards are the following:<br><br>At least 8 characters with at least one selection from each of the following categories:<br>
-Capital letter<br>-Numeral<br>-Special character<br><br>It can't contain the following:<br>-Username<br>-company name<br>-Can't use a dictionary word<br><br>Generally what you find are things like Psswrd123 or Asdf1234, simple things to get through the filter. So, are we really increasing security? The tighter the rules the more formulaic things tend to become. When a password expiration is done you will see the first example move to something like Psswd124 and that last number incrementing until they can reuse old passwords. <br>
<br>The comic is very interesting and thought provoking. Hopefully it does make you think about your passwords and how you use them. Not every system I use allows spaces so I stick to a few patterns based off of books I have read. Usually a memorable quote and never the book title. And of course, this doesn't even start to talk about password reuse on multiple sites. <br>
<br>Thanks for the discussion and dissecting this comic so thoroughly. <br><br>Dan<br>