Hi

Thanks for the replies.

Luke: I think that was what may have happened, I use(d) 2 or 3 passwords most of the time, so if they got one then they had a heads up into others (I know I'm stupid).

If it's one word from a dictionary (assuming a language has 250 000 words [according to the OED]) then they could guess it in 1/250000 (just from a dictionary).

But then if there are 2 words or 3 words the chances drop significantly as there would be 250000 x 250000 x 250000 x 4 x 4 (eg: word delimiter word delimiter word) [eg: orange+planet=sugar] or 2.5 E17

If just brute-force using the characters there'd be 5.70899077 × 10^45 (assuming 19 characters and 256 choices for each).

Of course until they cracked the whole password they wouldn't know they had cracked any of it. On the other hand the words are not obscure so would probably be checked first as one of the top 5-10000 words.

But I still have a nagging feeling as you suggest that randomised passwords of a certain length are better - but I dunno - if I set it up as too complicated for my clients they will probably change it themselves to something like pa55word :frow34:

Ray: I like the idea of passphrase not password

Ernie
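
The estimates in the post above, worked through as an added example (not part of the original post). It goes a step further than the post by expressing each search space in bits and as the length of a random password that covers the same space; the 95-character printable ASCII alphabet and the use of 10 000 and 5 000 as "top words" vocabulary sizes are assumptions.

```python
import math

def passphrase_space(vocab, n_words, n_delims):
    """Candidates for word(delim word)*: vocab^n * delims^(n-1)."""
    return vocab ** n_words * n_delims ** (n_words - 1)

def brute_force_space(alphabet, length):
    """Candidates when every position is any of `alphabet` symbols."""
    return alphabet ** length

def bits(space):
    """Size of a search space expressed in bits."""
    return math.log2(space)

def equivalent_random_length(space, alphabet=95):
    """Shortest random password over `alphabet` (assumed: printable
    ASCII) whose search space is at least `space`."""
    length, covered = 0, 1
    while covered < space:
        covered *= alphabet
        length += 1
    return length

def compare(n_words=3, n_delims=4):
    """Three-word passphrase under different guesser vocabularies.
    250 000 is the post's dictionary size; the two smaller lists model
    a guesser that tries common words first (assumed sizes)."""
    models = (("full dictionary", 250_000),
              ("top 10000 words", 10_000),
              ("top 5000 words", 5_000))
    rows = []
    for label, vocab in models:
        space = passphrase_space(vocab, n_words, n_delims)
        rows.append((label, space, round(bits(space), 1),
                     equivalent_random_length(space)))
    return rows

if __name__ == "__main__":
    for label, space, b, length in compare():
        print(f"{label:16} {space:.2e} guesses  {b:5.1f} bits  "
              f"~{length} random printable chars")
    raw = brute_force_space(256, 19)
    print(f"19 bytes, 256 values each: {raw:.4e} guesses, {bits(raw):.0f} bits")
```

The bit counts only hold if the words are picked at random from the list; a phrase built from common words is measured against the smaller vocabularies.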