The fifth hash was a phrase, which had some degree of randomness. It will eventually be cracked — I just didn't give them enough time to do it.
- 1E091A88703C6AE122D27142B7FA560C (Mju765tgb)
- 2AC9CB7DC02B3C0083EB70898E549B63 (Password1)
- 161EBD7D45089B3446EE4E0D86DBCF92 (P@ssw0rd)
- 32F6BDC00ADB77635E78FF8CAB9D7DFD (Zaq123edc)
- E26EB03A0A62B42C37CD44833178099E (Steve'sjobiswithIDG1234)
"Passwords are not going away any time soon, so what we need is a stopgap; and passphrases are one possible solution," said Garret Picchioni, security consultant with Trustwave.
"They provide a win-win alternative for both the end user and the organization itself. For the organization it's a win because passwords of a required length overcome many technological cracking techniques that exist today. For the user, it's a win because it's a password they can remember."
There's nothing wrong with using a weak, easily broken password on a website that isn't all that important, especially if you save long, random passwords for the websites that matter — like a bank.
I'm still a fan of password managers, as they only require me to remember a single phrase. For the record, my phrase is actually random words separated by other characters. That password I know, the same goes for my throwaway passwords, but I couldn't tell you my VISA password to save my life.
Sign up for CIO Asia eNewsletters.