Thanks guys! I was looking for a good clip to segue into a brief discussion about basic password policies over at the Intern’s Revenge blog. Although I was a little surprised about advising people to use two dictionary words as a “strong password.” Am I alone in thinking that’s not good practice?
Strength is determined as a factor of the overall “key space” and the length. Assuming uppercase, lowercase, digits and non-alpha characters are allowed, then the longer password is better. While we like to beat people about the head and shoulders to suggest they need to choose inane combinations as a password, taking two words that they know and joining them together with some non-standard characters creates a long password that should not fall prey to dictionary attacks.
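An added example, not part of either comment above: it puts numbers on the "key space and length" argument by comparing an exhaustive search over the character set with a search that already knows the "word + joiner + word" structure. The sample passwords, the 20,000-word dictionary size and the joiner set (digits plus ASCII punctuation) are assumptions made for illustration.

```python
import math
import string

# Character classes named in the comment: lowercase, uppercase, digits, non-alpha.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Assumption: joiners are drawn from digits plus ASCII punctuation (10 + 32).
JOINER_SET = len(string.digits) + len(string.punctuation)


def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """log2 of the key space: alphabet size raised to the password length."""
    size = charset_size(password)
    if size == 0:  # empty input or only characters outside the four classes
        return 0.0
    return len(password) * math.log2(size)


def word_join_bits(n_words, n_joiners, dict_size=20000):
    """log2 of the guesses for a search that tries dictionary words joined by
    non-standard characters. dict_size is an assumed word-list size."""
    return n_words * math.log2(dict_size) + n_joiners * math.log2(JOINER_SET)


def compare(password, n_words, n_joiners):
    """Both estimates for a password built from n_words and n_joiners."""
    return {
        "length": len(password),
        "brute_force_bits": round(brute_force_bits(password), 1),
        "structure_bits": round(word_join_bits(n_words, n_joiners), 1),
    }


if __name__ == "__main__":
    # Constructed samples: two words with two joiners, and a random 8-character string.
    print(compare("purple#7monkey", n_words=2, n_joiners=2))
    print("random 8 chars:", round(brute_force_bits("k7#Qm2!x"), 1), "bits")
```

Under these assumptions the 14-character two-word password is far outside reach of plain brute force, while its strength against a word-combining search depends on the dictionary size and the number of joiners rather than on its length.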