As a consultant I visit a lot of companies. At most of these companies I have an account and an associated password. Every company has its own set of password rules, most of the time expecting a combination of letters, numbers, uppercase, lowercase and special characters. But how useful are these password policies, and in what way do they help to make my password hard to crack?
There are a lot of misconceptions regarding passwords, and what a lot of people think is a secure password often is not. For example, do you think that “P@ssw0rd1!” is a more secure password than “This is my password”? (What I do know is that the second one is a lot easier to remember.)
Let’s use Haystack to get the answer:
“Haystack is an interactive brute force search space calculator that allows you to experiment with password length and composition to develop an accurate and quantified sense for the safety of using passwords that can only be found through exhaustive search.”
First, check “P@ssw0rd1!”:
Let’s now check “This is my password”:
Is this what you expected?
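To make the comparison reproducible without the web calculator, here is an added example (my own simplified reimplementation of the search-space idea, not Haystack's code or anything from the original post): the character classes present set the alphabet, and the search space is every string up to the password's length. The class sizes and attacker guess rates are assumptions and will not necessarily match Haystack's own numbers.

```python
import string

# Assumed character-class sizes for printable ASCII (26 lower, 26 upper,
# 10 digits, 33 symbols counting space). Assumptions for this example, not
# values quoted from the post or guaranteed to match Haystack's output.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Assumed attacker guess rates (guesses per second) for three scenarios.
GUESS_RATES = {
    "online, rate-limited": 1_000,
    "offline, one fast GPU rig": 10**11,
    "offline, large cracking array": 10**14,
}

def alphabet_size(password: str) -> int:
    """Size of the smallest alphabet covering every class the password uses."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")  # punctuation and the space character
    return sum(CLASS_SIZES[c] for c in classes)

def search_space(password: str) -> int:
    """Every string of length 1..len(password) over that alphabet: the number
    of candidates an exhaustive search must cover in the worst case."""
    size = alphabet_size(password)
    return sum(size ** n for n in range(1, len(password) + 1))

def seconds_to_exhaust(password: str, guesses_per_second: int) -> float:
    """Worst-case time to walk the whole search space at a given guess rate.
    This models exhaustive search only: a dictionary or phrase-list attack can
    find a common phrase far faster, so treat it as an upper bound on effort."""
    return search_space(password) / guesses_per_second

if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "This is my password"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"search space {search_space(pw):.3e}")
        for name, rate in GUESS_RATES.items():
            years = seconds_to_exhaust(pw, rate) / 31_557_600
            print(f"  {name:30s} {years:.3g} years")
```

The long passphrase wins on exhaustive search by many orders of magnitude even though it uses fewer character classes; length, not symbol soup, is what grows the haystack.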