As others here have already mentioned, adding numbers to the end of a password only increases cracking difficulty marginally. I'm not convinced that adding different cases or special symbols helps that much either.

The most secure passwords are either randomly or mnemonicly (is that a word?) generated. The benefit of the latter is that it's easier to remember than the former.

For example, I can take an easily-remembered phrase like "if you can't beat them, join them" and create a password out of the initial letters: iycbtjt. It looks random, but to the creator, it makes sense. Granted, it's only 7 letters, but it's better than using dictionary words.

Another method is to take a dictionary word and split it up with numbers or special characters. Like splitting aardvark with 546: aard546vark. It's no longer a dictionary word, but the creator can see it as such.

Here's a PDF translated into HTML discussing the memorability of passwords:
http://tinyurl.com/28b8m

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/245/26605#26605