

How to Build a Strong Password That's Also Easy to Remember and Type - Alterlife
http://www.jeevanjohn.com/nobody-knows-my-password---not-even-me

======
Triumvark
Common password crackers will take a dictionary and then extend that basic
dictionary by using common transformations.

Moving a letter around on a keyboard or replacing vowels with numbers: all of
these increase the dictionary size, but since they are reducible to simple
rules, the crackers can keep up. These methods aren't adding significant
complexity.

When you add additional words, then you get some exponential complexity. Say
we have five words in our dictionary: apple, beggar, catapult, dice, entropy.

If we include reversals, we double the size of the dictionary. This is true
for any sized dictionary. If we include versions which substitute all vowels
with numbers, we double the size of the dictionary. This is true for any sized
dictionary. If we include shifting the characters up, down, left, or right, we
multiply the size of the dictionary by 5. Better, but true for any sized
dictionary.

If we instead use passwords that combine two words, the dictionary grows by 24
times. This increase becomes more dramatic as the dictionary grows, and it
outpaces all other simple substitutions. If our dictionary contains 100 words,
the number of passwords to check is well over 100 digits long. None of the
other simple transformations is as powerful as the addition of another word.
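
The counting argument in the comment above, as an added example that is not part of the original thread: it applies each transformation to the comment's five-word dictionary and reports unique candidates, the multiplier over the base list, and bits of entropy, next to two- and three-word combinations. The vowel-to-digit map, the US QWERTY layout with wrap-around shifts, and ordered combinations with repeats allowed are assumptions of this example.

```python
import math
from itertools import product

WORDS = ["apple", "beggar", "catapult", "dice", "entropy"]  # dictionary from the comment
LEET = str.maketrans("aeio", "4310")  # assumed vowel-to-digit map
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]  # assumed US QWERTY
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def shift(word, drow, dcol):
    """Move every key one step on the keyboard, wrapping at the edges."""
    return "".join(ROWS[(POS[ch][0] + drow) % 4][(POS[ch][1] + dcol) % 10]
                   for ch in word)

# Each rule maps a word to the set of candidates it produces (original included).
RULES = {
    "reverse": lambda w: {w, w[::-1]},
    "vowels_to_digits": lambda w: {w, w.translate(LEET)},
    "keyboard_shift": lambda w: {w} | {shift(w, dr, dc)
                                       for dr, dc in [(-1, 0), (1, 0), (0, -1), (0, 1)]},
}

def rule_space(words, rule):
    """Unique candidates after applying one rule to every word."""
    return len(set().union(*(RULES[rule](w) for w in words)))

def combo_space(words, k):
    """Unique passwords made by concatenating k words (ordered, repeats allowed)."""
    return len({"".join(p) for p in product(words, repeat=k)})

def report(words):
    """Map each scheme to (candidates, multiplier over the base list, bits of entropy)."""
    n = len(words)
    rows = [(name, rule_space(words, name)) for name in RULES]
    rows += [(f"{k}_words", combo_space(words, k)) for k in (2, 3)]
    return {name: (size, size / n, round(math.log2(size), 1)) for name, size in rows}

if __name__ == "__main__":
    for name, (size, mult, b) in report(WORDS).items():
        print(f"{name:18} candidates={size:4} x{mult:<5g} bits={b}")
    # Rule multipliers are constants; a k-word space is n**k, so it scales with n.
    for n in (5, 100):
        print(f"n={n}: reverse={2 * n} shift={5 * n} "
              f"two_words={n ** 2} three_words={n ** 3}")
```
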

