| > E.g. postcriptaluminumengagement vs kug45l2wx If you pick from a dictionary of 250,000 words, that is around 18 bits. So three randomly chosen words strung together give you around 54 bits. On the other hand, an alphanumeric character is around 6 bits, so 9 of them strung together is about 54 bits. Assuming your dictionary was 250,000 words, both of the passwords you posted were about the same quality (until you posted them - now they're again about the same quality, but much less). > Or are there also dictionaries that contain combos of words?! Your software just concatenates words and other well known sequences (123, zxcvbn). Check out the great password entropy checker called zxcvbn: https://github.com/dropbox/zxcvbn https://dropbox.tech/security/zxcvbn-realistic-password-stre... https://www.bennish.net/password-strength-checker/ (Note: don't enter production passwords into random websites, needless to say...) |