Mathematics of hacking passwords

Interesting article with some maths about passwords here

One of the concluding paragraphs says:

The obvious conclusion for users is that they must choose their passwords randomly. Some software does provide a random password. Be aware, however, that such password-generating software may, deliberately or not, use a poor pseudo-random generator, in which case what it provides may be imperfect.

Truly random passwords are harder to hack but not easy to create and even less easy to remember!

This article highlights the great lengths that developers and users need to go to in order to create a ‘secure’ password, beyond the simple process of making the password long enough and giving each character as many options as possible. It also makes the point that all of that is meaningless if the database of passwords is exposed and the passwords are stored in plain text, so hashing is used to store a fingerprint of each password instead. Of course, it is possible to hack that as well if you really wanted to.

All of this exposes the vulnerability of passwords.
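The points above (length times character options, a trustworthy random source, and storing a fingerprint rather than the plain text) as an added Python example, not code from the article. The function names, the 94-character alphabet, and the choice of salted PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

# Assumed alphabet: 52 letters + 10 digits + 32 punctuation marks = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character from the OS CSPRNG via `secrets`.

    The `random` module is a predictable PRNG and is the kind of
    poor generator the quoted paragraph warns about.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hash_password(password, salt=None, iterations=600_000):
    """Return (salt, iterations, digest) to store in place of the plain text."""
    if salt is None:
        salt = secrets.token_bytes(16)  # per-password salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return salt, iterations, digest


def verify_password(password, salt, iterations, expected):
    """Recompute the fingerprint and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    print(f"8 lowercase letters: {entropy_bits(8, 26):.1f} bits")
    print(f"16 from 94 symbols:  {entropy_bits(16, len(ALPHABET)):.1f} bits")
    pw = generate_password()
    salt, iterations, digest = hash_password(pw)
    print("stored:", salt.hex(), iterations, digest.hex())
    print("verifies:", verify_password(pw, salt, iterations, digest))
```

The slow, salted hash does not make a weak password safe; it only raises the cost of each guess against a leaked database, which is why the length and randomness of the password still matter.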