"Mike Barnes" wrote in message
...
John Rumm wrote:
On 09/02/2016 22:40, David Lang wrote:

I've used the same password for years, nobody has a hope in hell of ever
guessing it. I can remember it.

The danger is, that should it be compromised through no fault of your
own, then the attacker is now able to access *all* of your online
accounts. Having a unique password per site limits the damage greatly.

Recently some site insist on having numbers as well, so I've had to add
one.

Now the bloody things want an upper case letter as well!

How the 'kinell does that make anything more secure?

By making passwords harder to guess by brute force, or by dictionary
attack.

A brute force attack will typically have an attacker (aided by a
computer doing the donkey work) attempting to guess passwords .

If you are limiting your password to lower case letters only, then there
are 26 possible values per character. Allow upper case and there are 52,
with digits 62, and so on.

But we're not talking about making extra characters allowable. AFAIK in
most cases it's "always" been possible for me to include digits, mixed
case, and punctuation if I want.

Yes, but they are now forcing people to use the
stuff that most of them wouldnt bother using.

When you scale up the number of legal
combinations, a few extra allowable characters makes the number of
unique passwords possible a vast number of orders of magnitude more
difficult to guess.

What we're talking about is them disallowing some combinations of the same
characters that have been available all along,

No they aren't. Most never allowed all the odd special characters.

and therefore *reducing* the number of legal combinations that have to be
tested.

Nope.

But actually things are rather more complicated than simply "guessing",
with rainbow tables and the like.


Sure, bit it does make sense to for the more stupid
to use more than just the letters in a particular case.