Someone please enlighten me...
... what exactly does a 'strong' password (as defined here) protect you from? This is a serious question - I just don't understand this "password long, symbols, numbers, not a word" mantra. It just forces the user to write it down, store it elsewhere, reset it all the time, etc.
- If the password isn't encrypted, it doesn't matter how complex it is.
- If the password is able to be decrypted, it doesn't matter how complex it is.
- If your encryption model depends on 'everyone' having an equally strong password - good luck with that - it won't matter how complex yours is.
- If there is a key logger (video camera, machine compromised, whatever), it doesn't matter how complex it is.
- If you are successfully phished, it doesn't matter how complex it is.
- If you are re-using a compromised password, it doesn't matter how complex it is.
- If someone is attempting a dictionary attack on your account, the security model 'should' stop the attack well before it can 'guess' the password, so it 'shouldn't' matter how complex it is.
- Further to this, if someone is simply guessing your password, the above should also kick in - the 'obvious' password examples given aren't any more obvious than a thousand other things...
What am I missing?
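The post's dictionary-attack point assumes the guesses go through the live login system, where a lockout or rate limit can stop them. The example below is added here and is not part of the original post: it shows the other case, where an attacker has obtained a copy of a site's password hash table and runs the guesses locally against it, so no server-side lockout is involved. The user table, wordlist and mangling rules are all constructed for the example, and the hash scheme (a per-user random salt prepended to the password, then one round of SHA-256) is an assumption chosen to keep the code short.

```python
import hashlib
import itertools
import os
from typing import Optional

# Constructed "leaked" record: per-user random salt plus SHA-256(salt || password).
# This is an assumed scheme for the example; the salt only forces the attacker to
# redo the work per user, it does not slow down each individual guess.
def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    salt = salt or os.urandom(8)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return {"salt": salt.hex(), "hash": digest}

# Constructed user table: three passwords built from common words, one long random one.
LEAKED_DB = {
    "alice": make_record("letmein"),
    "bob": make_record("Password1"),
    "carol": make_record("sunshine!"),
    "dave": make_record("Xq7#vL9$pR2@mN4w"),   # 16 random printable characters
}

# Tiny constructed wordlist; real cracking wordlists run to many millions of entries.
WORDLIST = ["password", "letmein", "sunshine", "qwerty", "dragon", "welcome"]

def mutations(word: str):
    """Yield the common 'mangling rules' a cracker applies to each dictionary word:
    case changes, leetspeak substitutions and popular suffixes."""
    bases = {word, word.capitalize(), word.upper()}
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0").replace("s", "$")
    bases.add(leet)
    bases.add(leet.capitalize())
    for base in bases:
        yield base
        for suffix in ("1", "!", "123", "1!", "2024"):
            yield base + suffix
        for digit in range(10):
            yield f"{base}{digit}"

def crack(db: dict, wordlist) -> dict:
    """Offline dictionary attack: hash every candidate with each user's salt and
    compare to the stored digest. No login endpoint is touched, so the lockout and
    rate-limit logic described in the post never sees these guesses."""
    # Deduplicate candidates while keeping generation order.
    candidates = list(dict.fromkeys(
        itertools.chain.from_iterable(mutations(w) for w in wordlist)))
    recovered = {}
    for user, rec in db.items():
        salt = bytes.fromhex(rec["salt"])
        for cand in candidates:
            if hashlib.sha256(salt + cand.encode()).hexdigest() == rec["hash"]:
                recovered[user] = cand
                break
    return recovered

def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of this length over this alphabet
    at the given guess rate."""
    return alphabet_size ** length / guesses_per_second

if __name__ == "__main__":
    found = crack(LEAKED_DB, WORDLIST)
    for user, rec in LEAKED_DB.items():
        print(f"{user:6s} {rec['hash'][:16]}...  ->  {found.get(user, '<not recovered>')}")

    # Online guessing throttled by the server versus offline guessing against the
    # leaked table (the 1e10/s rate is an assumed figure for a fast-hash cracking rig).
    online_rate = 10 / 60          # assumed: 10 attempts per minute before lockout
    offline_rate = 1e10            # assumed: guesses per second against SHA-256
    print("8 lowercase letters, online :", f"{seconds_to_exhaust(26, 8, online_rate):.3g} s")
    print("8 lowercase letters, offline:", f"{seconds_to_exhaust(26, 8, offline_rate):.3g} s")
    print("16 printable chars, offline :", f"{seconds_to_exhaust(94, 16, offline_rate):.3g} s")
```

The three word-based passwords are recovered from a six-word list after a handful of rule mutations, while the random sixteen-character one is untouched; the closing estimates make the same point numerically, since the offline guess rate is set by the attacker's hardware rather than by the site's lockout policy.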