Most computer users should know by now that unique and stronger passwords are better. But what exactly does stronger mean? Most say that adding a mix of characters, including upper- and lower-case letters, numbers, and special characters, will do the trick. Combine that with a decent length, say 16 or more characters, and your password should be hard to crack.
ProxyScrape, a service for scraping websites using proxies, says that using the number 7 in your password makes it stronger than any other number that you may pick.
Here is why: while many pick 7 as their preferred one-digit number, most computer users pick other numbers when they set passwords.
This is not a problem for users who use password generators, but those who pick passwords manually tend to prefer 0, 1, and 2 over other numbers.
It happens that 7 is the last choice when it comes to numbers, according to ProxyScrape CEO Thibeau Maerevoet (via Betanews).
So, if you pick 7, or if your password generator picks it for you, then you throw a wrench into the tires of the brute forcing machine.
This is especially true for dictionary attacks. These use preset words and sometimes words with characters added to them. It is common, for instance, to test a list of words, and then the same list of words with the character 1 added to each.
Similarly, dictionary attacks may replace the character I with 1, or E with 3.
Tip: find out if you should save passwords in browsers.
This does not really affect users who use very strong auto-generated passwords. It does not really matter if a 20-character password that is randomly generated has a 7 in it or not. But passwords that users pick, like dallascowboys1, may have a better chance at surviving the first wave of attacks when you replace that 1 with a 7. Even better, put the 7 somewhere in the middle, say dall7ascowboys.
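A password-policy check along these lines, as an added example that is not from the article or from ProxyScrape: it reports the simplest wordlist rule that reproduces a candidate password, using the article's own dallascowboys variants. The wordlist, the rule names, and the functions `weakest_match` and `acceptable` are assumptions made for illustration.

```python
# Constructed sample wordlist; a real check would load a large list of
# common words and previously breached passwords.
WORDLIST = {"dallascowboys", "password", "elite", "sunshine"}

# The two substitutions the article names (I -> 1, E -> 3), reversed.
UNLEET = str.maketrans({"1": "i", "3": "e"})


def weakest_match(password, wordlist=WORDLIST):
    """Return the simplest rule that derives the password from a wordlist
    entry, or None if none of the rules modelled here applies."""
    pw = password.lower()
    if pw in wordlist:
        return "plain word"
    if pw.endswith("1") and pw[:-1] in wordlist:
        return "word + appended 1"
    if pw[-1:].isdigit() and pw[:-1] in wordlist:
        return "word + any appended digit"
    if pw.translate(UNLEET) in wordlist:
        return "word with 1/3 substitutions"
    # Drop each single digit in turn: catches a digit inserted anywhere.
    for i, ch in enumerate(pw):
        if ch.isdigit() and pw[:i] + pw[i + 1:] in wordlist:
            return "word + one inserted digit"
    return None


def acceptable(password, wordlist=WORDLIST):
    """Policy decision: reject anything derivable by the rules above."""
    return weakest_match(password, wordlist) is None


if __name__ == "__main__":
    # Constructed candidates: the article's examples plus one random string.
    for candidate in ("dallascowboys1", "dallascowboys7",
                      "dall7ascowboys", "3l1t3", "q9$Lw2!vRz7#"):
        rule = weakest_match(candidate)
        print(f"{candidate:16} -> {rule or 'no rule matched'}")
```

All three dallascowboys variants are rejected: swapping the 1 for a 7 only moves the password from the narrowest rule to a slightly broader one, while the random string matches none.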
What is your take on the observation? Will you start adding 7s to your passwords in the future?
For passwords I need to remember because I plan to type them in, I use long nonsensical ones or Yoda Speak, it works well because they are long, easy to remember, and hard to guess by those who know a lot about you. Ye11owBirdsFlyindirt2;) NotsameUallmake!
For copy pasting from my (portable) password manager I use the ones it generates. (c;10waFZx<5@70871932+%<
Note: Longer = Stronger, it's math.
“While many pick 7 as their preferred one-digit number, most computer users pick other numbers when they set passwords.” as being the reason advanced by ProxyScrape seems odd to me otherwise than as a conjectural approach, hence not at all structural, hence neither as a principle nor as a theory, and even less in terms of probabilities. A bit like the stock markets when the crowd moves on the basis of an idiotic piece of information.
I wouldn’t add a “7” just to comply with ephemeral information. Nor would I remove it.
I believe in randomization, should it be pseudo-randomization only. I let the algorithm set a 32-character password, upper/lower, digits and special characters, and never use the same of course.
“Adding the number 7 to your password might make it stronger”. Might. Fortunately the article does state “This is not a problem for users who use password generators, but those who pick passwords manually tend to prefer 0, 1, and 2 over other numbers.” Gosh, if it were only “some” and not so many as various articles round the Web regularly point it out…
What about using those websites that can flip text upside down? Use a password that includes åäöÅÄÖ + some weird greek sh*t and then flip them all, or just flip half the text. A password that’s 177 characters long, with some of it flipped. Save somewhere in a textfile only you know where it is or what it’s called, so you can copy/paste. Bruteforce THAT, you sons of bitches.
The larger the range of characters, the better. Picking uncommon characters, for a language, probably protects against most dictionary-based brute force attempts.