Originally Posted By: Duffyjr
I apologize, I really didn't think anyone would take this seriously, that's why I said I send it out for fun.
Let me explain, I get customers calling in all the time that forget their passwords and want to use something they can remember which is always too easy, like their dog's name followed by the year they were born. So after I set up a good password for them I email some of them this link and tell them to put in whatever it was they wanted to use so they can see how fast it could be cracked.
Nah, I completely understand. I should have worded my comment better I suppose. Nothing wrong with the thought at all and I understand where you are coming from. I just wanted to mention in general just because a site says a password is super secure does not mean it is. These sites typically just look at total length of the pass and if any numbers, uppercase, lowercase, or special characters were used.
There is a handful of security companies that strip all the illegal content out of database breaches (mainly just keeping the password/hash). They run these over an A.I. system to determine how people create passwords and the patterns in between.
You can build rulesets with the findings to manipulate the dictionaries to improve their odds.
Most passwords are 8-10 characters in length followed up with a capital letter at the start with lowercase until the last 1-4 characters either being (as you said) a birth year or any form of year, most commonly being the year they created the password.
Password complexity only helps with dictionary attacks and even then it's not super effective. At this time length wins but even then length can be beat by brute force depending on the hashing algorithm. I use a 980ti and in most cases I'm able to guess 18.6 billion hashes a second.
Anyways, I've gone off track again.
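Added example, not part of either post: a strength check that compares the length-and-character-class scoring described above with a pattern-aware estimate for the "capitalized word plus 1-4 digits" shape. The wordlist size is an assumption, the guess rate is the figure quoted in the post, and the sample passwords are constructed.

```python
import re

GUESSES_PER_SEC = 18.6e9  # rate quoted in the post (single GPU, fast hash)
WORDLIST_SIZE = 100_000   # assumption: entries in a word/name dictionary

# Shape described in the post: capital first letter, lowercase, 1-4 trailing digits.
WORD_DIGITS = re.compile(r"^([A-Z][a-z]+)(\d{1,4})$")
CLASSES = {r"[a-z]": 26, r"[A-Z]": 26, r"\d": 10, r"[^A-Za-z0-9]": 33}

def naive_meter(pw):
    """Score the way the post says most sites do: length plus character classes."""
    used = sum(bool(re.search(c, pw)) for c in CLASSES)
    return "strong" if len(pw) >= 8 and used >= 3 else "weak"

def charset_space(pw):
    """Search space if every character were picked at random from the classes used."""
    alphabet = sum(n for c, n in CLASSES.items() if re.search(c, pw))
    return alphabet ** len(pw)

def pattern_space(pw):
    """Search space for word+digits; None if the password does not fit that shape.
    Assumes the leading word appears in a dictionary of WORDLIST_SIZE entries."""
    m = WORD_DIGITS.match(pw)
    if not m:
        return None
    return WORDLIST_SIZE * 10 ** len(m.group(2))

def assess(pw):
    """Return the naive verdict next to the pattern-aware time estimate."""
    space = pattern_space(pw)
    predictable = space is not None
    if not predictable:
        space = charset_space(pw)
    return {"naive": naive_meter(pw), "predictable": predictable,
            "seconds": space / GUESSES_PER_SEC}

if __name__ == "__main__":
    for pw in ["Buddy1975", "xK9#mQ2$vL7!pR4z"]:  # constructed samples
        print(pw, assess(pw))
```

For the constructed sample `Buddy1975`, the character-class view implies 62^9 candidates, while the pattern view leaves about a billion, which is under a second of work at the quoted rate.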