The Windows Club excerpt:

Technically, the length of passwords can be a maximum of 127 characters according to Microsoft. 127 characters mean that you can create easy phrases that you can easily remember and yet are strong passwords. However, some other considerations associated with these operating systems make you use shorter passwords.

For example, if you use a Microsoft Account to log into your Windows 11/10 computer, you are not allowed 127 characters. This is because Microsoft accounts (Live, Outlook, Hotmail, etc) have a maximum limit of 16 characters only. Thus, even though the login box of Windows 10 allows 127 characters, you are forced to use a password of maximum of 16 characters. Yahoo and Google are better in this case that allows 32 and 200 characters respectively.


That said, albeit Microsoft, Yahoo and especially Google, once they have their hooks on your computer they have access.

The best password is "correct horse battery staple" as explained in this xkcd comic:
https://www.explainxkcd.com/wiki/inde...

I think I'd better use something different, though: collect hoarse buttery stable. No one will ever guess it.

Hmmm. Maybe I need to make my passwords longer.
👍

That's a great chart.
My recommendation for people is to use words with a separator character (-/+/_ etc)
A last separator that differs based on the security level.
Along with a numeric suffix that correlates to the security level.

Then you have 4 levels of passwords:
1) sharable (don't care)
2) non-sharable (use something to memorize, no banking, no email passwords)
3) An email password
4) Financial Passwords. NEVER STORED/Memorized by software!

My-Security-Thoughts+12 (21 chars!)
And then variations could be
Google-Security-Thoughts+124680

Obviously, NONE of that is in my set of passwords.

But this makes it pretty easy to put down.

Also, you can ENCODE these in a written address book, as alternate addresses, that you have to re-assemble, because you know the pattern.

That allows you to use OLD addresses.

Never change just the number. If your password is leaked. It will be scanned, and then they will see the numbers, and substitute them out.

FINALLY. This is critical.
Use an email system that allows you to create "VIRTUAL" email addresses that cannot be linked to you.

The attack surface is usually:
SomeEmail@Yahoo.com =

Take and try logging into EVERYTHING you can imagine with the SomeEmail@Yahoo.com

Then try simple manipulations.

Typically if a hacker gets 2 of your passwords, he can calculate MOST of your passwords.

By having a different email PER site. You prevent them from "knowing it's you".

HTH...

But can it crack a DIANA Cipher? With rolling keys derived from a book page and verse dependent on the day. Perhaps Julian dates

This is making a reliance on passwords really a bad idea. Gold buried in the backyard and a couple of pitt bulls hanging around the house seems a lot safer. Owning a house with a small plot of land to farm on, with a secure source of water and solar power, and a few guns and a supply of ammo makes me feel safer

There's a old saying (maybe not all that old): Never post anything online you wouldn't want on a Jumbotron. The same line-of-thought sort of applies to online accounts i.e. banking. You want to limit the amount of wealth it is possible to steal online.
But here's the rub: once you retire, you want to travel, that necessarily implies long stretches of being away from your physical mailbox.
So we create a series of online accounts that facilitate automatic payments from a specified bank account.
Each account represents an opportunity or doorway for hacking. If you put all your utilities, credit cards, loan payments, toll passes, subscriptions.... each with access to your bank, you can easily see how wide open we are to someone being able to access our account.
I actually had this happen to me. Somehow someone was able to start writing physical checks against my account. They started paying their utility bills, gas, groceries, dentist, even some campaign contributions (to a Democrat organization)
I just so happened to be reconciling my bank statement, caught it within a week or so of the fraudulent charges. The bank stopped all further charges, but... It took several months to verify that the source of the fraud was not me, before I could be reimbursed.
If you want to take advantage of all the conveniences of online living, it comes with risk.
All that said, your best defense is to stay vigilant. Save your receipts. Pour over those statements as soon as they become available for you to scrutinize. Question anything that doesn't smell right, especially small charges, those are typically probes into your security.
The alternative is to go off grid. Not many of us are paranoid enough to forgo the conveniences of online life.
As soon as you step out your door, life is a risk.

Do you think AI/Hacker could hack a password that contains upside down, backward, inside out letters/phrases/ or just a word.
Just loaded a program for this, (used it in this weeks ITMTyme) and it was suggested to use with passwords.