Drunk proof and strong passwords | Weird

You know how to create a strong password. There are millions of article on tips of creating strong password.

It is very easy to spit out your password when you are drunk. Someone can just ask you for your password and you can just say it to them. How do you prevent such a situation?

There are two types of passwords, those that are easy to remember such as “john29” and those that rely on obscurity such as “52jEn\$” the first is less secure as it falls for a dictionary attack (trying words from the dictionary with numbers randomly around it). The rest relies on a bruteforce attack (randomly trying every possible password) as one can best guess it through random chance. A brute force attack can get any password even one generated in this way in the same amount of time as an equally strong (strong being a function of length and the size of the character pool). Technically using this would be weaker if and only if someone knows you use this algorithm or a closely related one. Because if they knew that they can generate (for a n length domain) n characters of your password in 26 tries, rather than (assuming case sensitive alphanumeric) 62^n tries. And if you just your birthday they know there’s at least 4 digits and if they know your birthday it lowers it significantly. Then it’s a matter of putting random characters in random spots. While it still is very large, it’s smaller than if it’s fully random.

But really the benefit is it’s easier to remember than a fully unique password for every website and since a strong majority of pw attacks will be focused on 1 or 2 sites which means making a program just to crack this algorithm isn’t worth it, meaning they’d jsut use brute force which makes it just as secure. Then you also have the benefits mentioned above.

Basically it is less secure if you make a cracker based on this algorithm and you know they follow this algorithm, but obscurity means it’s just as secure in terms of cracking. AKA less on paper, just as in practice