- Sites limiting the size of passwords is just stupid.
- Most password crackers begin with hacking a copy of the database password hashes rather than brute-forcing the password field of a website.
- Any site of any worth will use password salting, which makes it much harder for an attacker to brute-force your password from a hash stored in the database.
- You need at least an 80-bit password.
- The keyspace is what password crackers work on, that and a number of common password patterns people use.
If you use lower and upper case, numbers and special characters, then the keyspace is about 96 characters (a-z, A-Z, 0-9, !-?). Chances of attaining 80 bits or higher with an 8 or higher character password are good if you use the full character set.
Problem is they are difficult to memorise.
Try http://www.safepasswd.com and set it to Easy To Remember, and set the password length to 10 for your dumb password, and to 18 for your hard one.
Easy: bRitain8@2
Hard: H#iNTerceptor23rAid1
Use your easy password for everything except stuff that matters; use the hard password and, if no length restrictions, the easy password for everything else,
i.e. H#iNTerceptor23rAid1+bRitain8@2
------- Hard -------------- Easy ---
If an attacker nabs your easy password from another site, they won't be able to use it to help them one bit with breaking the longer password, because in and of itself, it's not crackable by any password cracker on this earth at this point in time.
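
The effect of salting mentioned in the list above, as an added example that is not part of the original post: two constructed accounts share the post's easy password, and unsalted SHA-256 stores them identically while a per-user salt with PBKDF2 does not, so one precomputed or recovered hash no longer maps to every account using that password. The account names, iteration count and salt length are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # work factor assumed for this example
SALT_BYTES = 16       # salt length assumed for this example

def unsalted_hash(password):
    """Weak storage: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).digest()

def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)

def shared_hash_groups(stored):
    """Users whose stored digest is identical, as visible in a leaked table."""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "bRitain8@2", "bob": "bRitain8@2",
         "carol": "H#iNTerceptor23rAid1"}

def build_tables(users):
    """Return (unsalted digests, salted (salt, digest) records) per user."""
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables(USERS)
    print("unsalted, shared hashes:", shared_hash_groups(unsalted))
    print("salted, shared hashes:  ",
          shared_hash_groups({u: d for u, (_, d) in salted.items()}))
    salt, digest = salted["alice"]
    print("alice verifies:", verify("bRitain8@2", salt, digest))
```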