The problem isn't making it impossible to randomly guess.
The problem is people -- they choose commonly guessed phrases and passwords. If they bothered to salt it with '@'s and the like, we'd see less hacking because of that 'takes forever to brute force a character' routine. But they don't.
So once again, you run afoul of the user issue.
We need to convince more people to salt their passwords.
Also, your suggestions don't factor in a targeted attack -- in this case, even if they divine the common phrase, they'll be unable to recover it completely if you salt it.
All I'm advocating is one step more -- salting the damn thing.
And if people insist on short passwords, "I like football" is probably going to crop up more often than "The emperor of the old republic smells like crayon farts".
However, if they at least salt the short password (that currently has TOO few words), they've strengthened it significantly at little cost.
I do agree with replacing characters with similar looking ones as a salt, but think that even that is too damn obvious unless you like to add in funky punctuation sporadically.
Slave to the Patriarchy no more