Those kinds of transformations are known to hackers and easy to automate.
Which is why I use the "every other character with the <shift> key" part. Those digits, which I agree are easy transformations to automate, become punctuation characters when you use the <shift> key.
Mapping digits to punctuation via the <shift> key is also easy to automate.
Does this actually make the final result password more secure? I can't say with any certainly because I haven't done any personal crypto testing myself, but at least we can probably assume it doesn't make them any LESS secure.
It's probably not less secure than ".357rugermag", but that's only about 45 bits so it's not a very high bar for a super-secure password. It's probably not as secure as 12 genuinely random characters would be (84 bits). Whether it's secure enough is a judgement call. It may also be something which would likely remain unbroken today, but become weak as hackers catch on to those transformations.
However, KeePass on my Android phone is not as easy to use, nor is the cut-n-paste, compared to a desktop computer.
Fair point. I don't use many passwords from my phone. There's always a trade-off between security and convenience.
Previous Topic
Index
