“Groovy Motherfucker”

“It is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.” True dat. Of course, password complexity isn’t really an issue. Easiest way to crack a user’s password? Hack a website (or social engineer someone that works for a website) that stores passwords in cleartext.

Windows password cracker. Has an interesting open-source business model: The cracker is GPL, and there are free (but limited) Rainbow tables. To get the full tables, you need to pay $99.

Choose better passwords through understanding how brute-crackers work these days.

Bruce Schneier breaks down the password data gathered by a MySpace phishing attack. Notable fact: When the site insists upon including letters and numbers in the password, folks just append “1” to their usual password. (And, in my experience, when forced to change their password every few months, just cycle the number)