How secure are passwords made of whole english sentences
I often read as an advice to build strong passwords, just to think about a sentence and then take the initial letters. For example take a nonsense sentence like "I watch Grey's Anatomy at 9.40" gives me the password "IwG'sA@9.40".
How secure is it if I take instead of this just the whole sentence (including white spaces). To be more concret:
How secure is it to use just an ordinary english sentence as a password with in particular with respect to
- a sophisticated directory attack
- a brute-force attack
If it is a good idea to do so, are there any rules I should follow to build the sentence? (Number of words, Is it ok if it is a quote from a famous person or has it to be a nonsense sentence...)
How do passwords of this type compare to a just randomly choosen passwort consisting of lower and upper case letters, numbers and symbols of length n?
I have four places in mind where this scheme should be applied:
- Your home computer
- Internet accounts (email, online shops, social networks,...)
- Internet Banking
- Storing highly sensible data
The password should be secure enough to follow the technical progress in password cracking and computer hardware for at least two years.
How appropriate is the described password building scheme in those cases, how would one change the recommendations on the sentence length etc. depending in which area the password is used?
Would be great if the answer contains some calculations which estimate the password security and some references about this topic.
