Is that a job title? I have cracked passwords before, yes.
> Do you have a password cracker database in front of you?
Yes? It isn't the English dictionary, it is a common password list assembled by someone else based on historical password leaks.
> Tbh the best password he could have written would probably have been a sentence like
As stated in the article, the complexity requirements didn't really allow sentences. And that is been my experience with a bunch of systems. They have artificial length limits (e.g. 20 characters) and require arbitrary types of characters.
Windows' default complexity requirements are a typical example of this kind of thinking. It should be calculated based on some kind of strength score, not on 1980s style character sets which actually reduce the scope of available passwords (e.g. if the first letter has to be a letter, you now know that it is one of 52 characters).
Is that a job title? I have cracked passwords before, yes.
> Do you have a password cracker database in front of you?
Yes? It isn't the English dictionary, it is a common password list assembled by someone else based on historical password leaks.
> Tbh the best password he could have written would probably have been a sentence like
As stated in the article, the complexity requirements didn't really allow sentences. And that is been my experience with a bunch of systems. They have artificial length limits (e.g. 20 characters) and require arbitrary types of characters.
Windows' default complexity requirements are a typical example of this kind of thinking. It should be calculated based on some kind of strength score, not on 1980s style character sets which actually reduce the scope of available passwords (e.g. if the first letter has to be a letter, you now know that it is one of 52 characters).