https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html
 
The xkcd comic doesn't really apply anymore. Dictionary attacks have gotten to the point where they can crack 'momof3g8kids' and 'Coneyisland9/,' and apparently have dictionaries breaking 100 million words. As password attacks get better and better at predicting human patterns (and hardware gets faster), you are going to need to completely generate your passwords at random in order to defend against dictionary attacks.
 
Which means the current password model is broken, as we all know it has been for a while. Why isn't there a stronger effort to replace it with something like a universal public key system?


On Tue, Nov 12, 2013 at 4:01 AM, rysiek <rysiek@hackerspace.pl> wrote:
On Monday, 11 November 2013 15:29:13, Kelly John Rose wrote:
> The most useful strategy I've seen is to use multiple authentication
> methods or the "a few really hard passwords + random statement for each
> site."
>
> I.e. you can probably memorize something like
>
> lMB^9Pl!
>
> so use that for the sites and then tack on something like
>
> lMB^9Pl!Ilikeshopping123
>
> Then the probability of actually cracking that password is low, and
> unless you are being specifically targeted, even if they got that
> password they wouldn't immediately be able to use it on other websites.
> It's easy to remember because that 8-digit code you'll type everywhere,
> and the ending is always something cognitively easy.

Oblig. XKCD:
http://xkcd.com/936/

--
Regards
rysiek
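As an added illustration of the thread's entropy argument (not code from any poster), the following Python draws from the OS CSPRNG via `secrets` and compares the schemes discussed: an 8-symbol random string, a four-word passphrase, and a random prefix plus a suffix an attacker can pull from the 100-million-entry dictionary mentioned above. The word list, the 7776-word list size and the guess rate are constructed assumptions.

```python
import math
import secrets
import string

# Constructed stand-in for a real diceware-style word list (assumption).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "coney", "island", "shopping", "kids"]
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CRACKER_DICTIONARY = 100_000_000  # dictionary size quoted in the thread


def entropy_bits(symbol_count: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `symbol_count` symbols.
    Only valid when the draws really are uniform, i.e. made by a CSPRNG."""
    if symbol_count < 2 or picks < 1:
        raise ValueError("need at least two symbols and one pick")
    return picks * math.log2(symbol_count)


def scheme_bits(components: list[tuple[int, int]]) -> float:
    """Total entropy of a password assembled from independent components.
    A component the attacker can guess from a dictionary of size N contributes
    log2(N) per pick, no matter how many characters it spells out."""
    return sum(entropy_bits(n, k) for n, k in components)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time to hit a uniformly chosen secret: half the keyspace."""
    return (2 ** bits) / 2 / guesses_per_second


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    # secrets.choice uses the OS CSPRNG; random.choice would make the entropy
    # figures above meaningless.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(word_count: int, words: list[str], sep: str = " ") -> str:
    return sep.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate, guesses per second
    eight_random = scheme_bits([(94, 8)])                      # lMB^9Pl!-style
    four_words = scheme_bits([(7776, 4)])                      # xkcd 936-style
    prefix_plus_suffix = scheme_bits([(94, 8), (CRACKER_DICTIONARY, 1)])
    suffix_only = scheme_bits([(CRACKER_DICTIONARY, 1)])       # prefix already leaked
    for name, bits in [("8 random symbols", eight_random), ("4 random words", four_words),
                       ("prefix+dictionary suffix", prefix_plus_suffix),
                       ("same, prefix known", suffix_only)]:
        print(f"{name:26s} {bits:6.1f} bits  ~{expected_crack_seconds(bits, rate):.3g} s")
    print(random_password(8), "|", random_passphrase(4, SAMPLE_WORDS))
```

The last two rows show the weakness of the "hard prefix + easy ending" scheme: once the reused prefix is known from one breach, only the dictionary-sized suffix stands between the attacker and every other site.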