why is a password that uses numbers and letters stronger than one with only letters? the attackers don’t know that you didn’t use numbers, so they must include numbers in their brute force either way.
In: 7568
it’s a somewhat historical thing. in the past users had actual dictionary words as passwords, this was an attempt to change them a little so that attackers couldn’t easily guess them by using a dictionary. in practice almost everyone changed their password the same way (by appending a ! or a 1 or something similar) so the benefit is somewhat questionable.
in 2023 i would just enforce really long passwords (16+ characters) with no complexity rules.
Latest Answers