
I would have borrowed "/.,/.," a long time ago had I heard about it sooner. That is just way too convenient.



My brother used to use asdfghjkl;' as a password so he could just drag his finger across the keyboard from the a key to the enter key. The original swipe to unlock!


My first password ever was qazwsx and I used it until I learned that it's included in "known" password text files and thus instantly crackable.

However, I wonder how safe it is to take an "easy" password like /.,/.,/., and then add a bunch of exclamation points to the end, so that it's both long and not part of a dictionary.

I'm sure password crackers are advanced enough to first try taking common passwords and then adding human modifications to make them more secure.

But something like MyDogRules###########! seems like it could be very secure, actually.


I remember reading a blog post about how something like "aaaaaaaaaaaaaaaaaaaa…" with sufficient 'a's was actually perfectly secure since it wasn't included in any of the common cracklists or hash leaks. I think the number of 'a's was somewhere in the 30s. Obviously bruteforcing it would take absurdly long, too.*

The problem is, after I've committed a long passphrase into muscle memory, it probably takes me less time to type a 40-character phrase than count 40 individual keypresses of a button hoping I don't miscount.

* Assuming nobody is stupid enough to make a depth-first password cracking program. "I'm down to a billion 'a's now. I should be ready to try a 'b' any minute now!"


This article from 2013 shows some impressive password-generating techniques that cracked secure-looking passwords like momof3g8kids. It doesn't specifically give an example like MyDogRules###########!, but it seems reasonable they could get it by similar methods of concatenating multiple password fragments.

[0]https://arstechnica.com/information-technology/2013/05/how-c... (OK, the passwords were hashed only with MD5)


So I guess what they're saying is if they just use older password technology and they get hacked, you're screwed.


Best practices have changed from using a complex password with lots of upper/lower and symbols to using something longer but easier to remember. More strength from misspellings and a few symbols.

My Fav0riT Pas%werd

is actually pretty solid compared to

df22@$Fasdf

because the latter is more crackable.


I really like the logic behind this one: https://www.xkcd.com/936/

It also doesn't require any special characters and it's quite easy to remember.


The only knock on this strategy is that the more people adopt it the less effective it becomes (crackers will just start trying combinations of common words). The up-side is there are more 4-word combinations in English using only the 10,000 most common words than in any 8-character password, so even if crackers targeted the strategy specifically it's more costly to crack.
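An added example, not part of any comment in this thread: a rough search-space estimate for the padded pattern discussed earlier (MyDogRules plus a run of one character) next to the 4-word versus 8-character comparison made just above. `BASE_LIST` and `MAX_PAD` are assumed attacker parameters, and the model assumes the base string is already on the attacker's list, so the structured figure is a pessimistic bound for the defender.

```python
import math
import re

PRINTABLE = 95          # printable ASCII characters
BASE_LIST = 10_000_000  # assumption: entries in a cracker's base list (words, leaks, keyboard walks)
MAX_PAD = 32            # assumption: longest padding run a rule set tries
WORDLIST = 10_000       # the "10,000 most common words" figure from the thread

# Constructed sample following the thread's MyDogRules pattern.
SAMPLE = "MyDogRules" + "#" * 11 + "!"

def brute_force_bits(pw):
    """Bits of search space if every character were picked uniformly at random."""
    return len(pw) * math.log2(PRINTABLE)

def passphrase_bits(n_words, wordlist=WORDLIST):
    """Bits for n words drawn independently and uniformly from the word list."""
    return n_words * math.log2(wordlist)

def split_padding(pw):
    """Return (base, pad_char, pad_len, tail) if pw is base + run of 3 or more
    identical characters + a tail of at most 2 characters, else None."""
    m = re.fullmatch(r"(.+?)((.)\3{2,})(.{0,2})", pw, re.S)
    if not m:
        return None
    base, run, pad_char, tail = m.groups()
    return base, pad_char, len(run), tail

def structured_bits(pw):
    """Bits under a 'known base + padding' guessing model: pick a base from
    the list, one pad character, a pad length up to MAX_PAD, and a 0-2
    character tail. Falls back to brute force when the pattern does not fit."""
    parts = split_padding(pw)
    if parts is None or parts[2] > MAX_PAD:
        return brute_force_bits(pw)
    tails = sum(PRINTABLE ** k for k in range(3))  # tails of length 0, 1, 2
    return (math.log2(BASE_LIST) + math.log2(PRINTABLE)
            + math.log2(MAX_PAD) + math.log2(tails))

if __name__ == "__main__":
    for pw in (SAMPLE, "df22@$Fasdf"):
        print(f"{pw!r}: naive {brute_force_bits(pw):.1f} bits, "
              f"structured {structured_bits(pw):.1f} bits")
    print(f"4 random words: {passphrase_bits(4):.1f} bits, "
          f"8 random chars: {brute_force_bits('x' * 8):.1f} bits")
```

Under these assumptions the padded password looks like about 145 bits by length alone but about 48 bits to a structure-aware guesser, which is below the roughly 53 bits of four randomly chosen words.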


Misspelling and using a few character replacements makes a dictionary attack much more difficult. You don't have to make it too hard on yourself, just a few changes to make a really secure password.


Is your username an ode to this somehow? :)

Mr. Asdf sir


Nope, but by an old internet meme: https://knowyourmeme.com/memes/asdfmovie


I forgot all about asdfmovie! That's an oldie for sure.



