Does a brute-force dictionary attack have any realistic chance of breaking a 24-character password like Raiders5355RedburgEunice, when the payoff is relatively small (e.g. my modest bank account or one of my modest bitcoin wallets)?
I do agree that adding in some special characters would help - maybe from now on I put a dash between each word, e.g. Raiders-5355-Redburg-Eunice. A dash seems to be allowable by most password systems.
I agree with you, your password seems very strong. Adding a dash (or other things) should be done to make it even stronger.
(1) I suggest you devise a strong password such as that. Then get LastPass (www.lastpass.com
) or Keepass (http://www.keepass.info
). Keepass is FLOSS (i.e., free) and LastPass has a free version that will do do what you need (plus more).
I use LastPass myself, however KeePass is equally good (as in protection).
LastPass is easier to use it you want to use it to login to sites. If you don't want to do that, then KeePass would be good.
You will need to keep a backup of KeePass somewhere (in case your computers crashes).
You will not have to do that with LastPass (An encrypted copy will be stored on a LastPass server).
LassPass does not
have a copy of your LastPass key.
In both cases, if you forget your password then you are done. !!Warning!!
You could reset your password with LastPass, however I suggest you to turn that option off.
If you decided LastPass, then post again and I will instruct you how to turn that option off.
(2) Then use your password (the one you devised earlier) as your main password for Lastpass or KeePass. Then within LastPass or KeePass, you could store your other passwords.
Here is an example of what one of those stored passwords could look like: 2v&u&@wutxazC3%s&C@vhq^tykqa%WN8YAc!nh69JT6pTc2bSyqzgd$4GnKaaFK2cG4T3@vaHFWT3J*6QP4s*pTVcu*CaKtaf8uj
I used LastPass's Password Generator to come up with that. KeePass also has a Password Generator.
I also advise you to check out: https://www.grc.com/haystack.htm
to get an ideal how long it could take to bruteforce your password.
Assuming you use Raiders5355RedburgEunice : 33.64 million trillion centuries
Please read the whole page
, it will open up your eyes. From that site:
"...The #1 most commonly used password is “123456”, and the 4th most common is “Password.” So any password attacker and cracker would try those two passwords immediately. Yet the Search Space Calculator above shows the time to search for those two passwords online (assuming a very fast online rate of 1,000 guesses per second) as 18.52 minutes and 17.33 centuries respectively! If “123456” is the first password that's guessed, that wouldn't take 18.52 minutes. And no password cracker would wait 17.33 centuries before checking to see whether “Password” is the magic phrase..."
The generated password I provided could take: 1.90 million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries