Originally Posted By: Eugene
I should have said, for example, rainbow tables; that's just one method. My point is that it doesn't take forever to crack passwords now. Yes, a longer or more complex password will make it take longer to some extent, but don't rely on it to make that much of a difference.

Interesting to add that there is now 4-factor authentication.
1. Something you know - password, PIN
2. Something you have - smartcard, token
3. Something you are - biometrics
4. Somewhere you are - location-based

I guess I could have clarified myself better. Assuming we are talking only about strength of password (as the OP was) and ignoring the specific system, then my examples are sound. You aren't going to brute-force a random 6-character password; there are simply too many combinations.

Depending on the system that is using this password, there is quite possibly some way to recover that password. We could go on all day talking about different techniques for cracking different systems, and most of them will be successful regardless of strength of password.

Unless you are encrypting your data, it isn't truly secure. Physical access to the machine renders pretty much all authentication pointless.

For those systems you don't control, there isn't much point worrying about all the what-ifs of how it could be compromised. The only thing you can do is use a secure password, which goes back to the original topic.