Originally Posted by ERD50 View Post
I never understood this. Why force users to include a number? That automatically reduces at least one of the characters to 10 tries to guess it. ...
Why just use a 12 character password? I use at least 16 and usually 20 characters. Numbers and special characters add more possibilities, that's entropy.
How strong is a 12 character password?
According to the traditional advice—which is still good—a strong password: Has 12 Characters, Minimum: You need to choose a password that's long enough. There's no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length.May 9, 2018
Is a 16 character password secure?
A 90-bit password is well outside the range of what even the most determined and well-resourced attacker could do. They simply would not try to guess it. ... A 16-character properly generated password is going to be more than strong enough.Oct 10, 2018
I can't copy and paste from the link provided below so I'll just say this is an example of my userids and passwords but is just made up for an example:
k0Pp$cE23!a@AS98HnjT
Per this site
https://www.grc.com/haystack.htm
Online Attack Scenario:
(Assuming one thousand guesses per second) 1.15 thousand trillion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 11.52 million trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 11.52 thousand trillion centuries
You can test your password or userid at the site but don't use your actual ones cuz who knows whether they are captured and used to break into your accounts! For example, if your password was F5$jj*1K (just as a shorter example than a 20 character password) then I would use a corresponding set of characters like K9(uu%7M to test the strength.