Ay5xhQxV!D or hfybnzfylawcxfyj
Steve Gibson was talking in the latest Security Now episode – #442 about his latest project and how he was trying to get around the problem of entering secure passwords on phones and tablets which have very small keyboards and how hard it is to enter special characters. His solution was to only use lower case alphabet characters, but make the length longer.
I did a quick analysis on Steve’s password site on how long it would take to crack the above specific passwords.
The first password Ay5xhQxV!D, uses all possible characters, but is only ten characters long. He calculates that in an “Offline Fast Attack Scenario: it would take 19.24 years to crack.
The second simpler password hfybnzfylawcxfyj, only uses lower case alphabet characters, but is 16 characters long and would take 144 centuries to crack.
The conclusion is that you can only use a lower case alphabet characters, but you have to use a long length – 16 characters or longer to get adequate protection.
I use LastPass for all my online passwords and allow it to generate 16 character passwords using all characters. That combination results in 141 billion centuries to crack!
For accounts that you do have to enter passwords into on your phone or tablet, like Netflix when it updates its apps, a long lowercase mixed-alphabet password will do a good job.