Rule 2,3,4,7,8 actually make your password less secure.
2-4 gives the hacker a set of characters he can expect to appear at least once in the password. All possible passwords that don't contain numbers for example fall away and don't have to be tested in a brute force attack or when getting the password from the hash.
7-8 mean that for x characters in a password alphabet there can only be x-2 characters following any character. This together with Heil Hitler actually helped break the Enigma Encryption Machine and is attributed to Nazi Germany losing the war.
Anyways this does create a safe password policy regardless. The things it requires you to do out weighs all of the cons.
8 Characters - Anything less than that can be cracked in minutes.
At least one letter - Anyways increases chances and who doesn't have letters.
At least one special character - There are so many, now the cracker must still find which one and where within the password IE: XXXX%XXX or maybe %XXXXXXX.
At least one number same case as above, basically a guessing game. If you take out your symbols the chance of guessing each individual character goes from 1/26 to 1/35. Only hint you get there is at least one number. And who knows you don't know where.
Consecutive alphabet letters ABle or STreet once again makes it harder for a true brute force to crack
Same goes for double letters.
Now I know what your trying to say is that hey, we'll if they let me have my password sexxyBeast2# in the first place it would way more secure without those silly rules. Since the cracker doesnt know that double letters could be done, so that's just X more passwords he has to go through before me. Yes that is true. It makes already good passwords easier to crack by reducing possibilities in a whole but for the people that have password123 as a password it then will make there's more secure since they would have to change their passwords to make it more secure. (A password like this would be cracked almost instantly...) So yes their are pros and cons to this password policy. But the majority of people it will end up benefiting. Plus if your password is XjsuEnaf42?$8 it would take a eternity to crack it anyways even with the hints and restrictions given.
tldr: It makes it easier to crack hard passwords, and harder to crack what would have been a easy password. Due to "hints." Nonetheless, with all the hard passwords given it would take almost forever to crack the passwords anyways.
11
u/GregTheMad Mar 08 '16
Rule 2,3,4,7,8 actually make your password less secure.
2-4 gives the hacker a set of characters he can expect to appear at least once in the password. All possible passwords that don't contain numbers for example fall away and don't have to be tested in a brute force attack or when getting the password from the hash.
7-8 mean that for x characters in a password alphabet there can only be x-2 characters following any character. This together with Heil Hitler actually helped break the Enigma Encryption Machine and is attributed to Nazi Germany losing the war.