I must agree that augmenting words using special characters is a great way to isolate yourself from a dictionary attack, but the emphasis these days is too much on password complexity rather than length.

You only need to make PART OF YOUR PASSWORD complex, and macbookair no matter how it is spelled is simply too short.

The latest GFX GPU’s have 128 shaders, or more, which can be used independently as threads. Using this technology, each computer is now 100 times (or more) powerful. Not to mention any prop hardware the CIA/NSA/FBI/Tax Department/Neighbor/Dog/Whatever has that is not in public domain (and they do have this hardware).

And in the future – computers will get more and more powerful, and decryption technology will improve.

Having current technology 128 threads/ processor reduces your password strength by the power of 7 (7^2=128) so, macbookair is now really only as strong as a three byte password. Put one hundred GFX/CPU’s together, this password can be hacked in seconds.

My recommendation:
(a) + (b)
“nACb))K02″+ “TheQuickBrownFoxJumpedOverTheLazyDog”

nACb))K02TheQuickBrownFoxJumpedOverTheLazyDog
123456789012345678901234567890123456789012345

This is 45 bytes long = unhackable.

Why is this unhackable?
(http://www.lastbit.com/pswcalc.asp)

Because of exponentiality. Each bit is a doubling up of the computing power required.
See:
http://en.wikipedia.org/wiki/Brute_force_attack

The Von Neumann-Landauer Limit states that 30 gigawatts is reqd for one year to brute force a 128 bit key.
A 256 bit key is probably more energy than in the Sun!

The first part of the password is the complex bit that can never be hacked via a dictionary attack.

The second part of the password is easily remembered and hackable via a dictionary attack, but is “safe” because the hacker must guess the whole string, not just the dictionary part.

Because (a) and (b) must be hacked together and cannot be hacked in isolation, you now have a very long, very memorable, password that is uncrackable. One too that can be stored in the safest place in the world – your mind!

So, when having a password, let me re-iterate… By all means do your fancy special characters, spaces, numbers, upper/lower case, non-dictionary/random bit, but also make it long. Having a simple long password with a small random component, is a billion times or more better than a short one – no matter how complex yours is!

Also don’t forgt the usual safeguards:
- Don’t use these long passwords online or on the cloud, or anywhere that people can “see” it.
- Turn your computer off when you’re not using it.
- Turn your network off when you’re not using it.
- Use full disk encryption on everything – hibernation/pagefiles are just as dangerous as having passwords written on paper sitting on your desk!
- Make your wireless network invisible with WPA2, or better yet go wired
- Don’t use complex passwords on easily hackable devices (ie on your $50 10mbit DLINK network hub from 2001)
- Have a hardware firewall
- Don’t tell anyone your password under any circumstances (not even your wife), as good as her intentions are, she may write it down!
- Make passwords very unique between usage (ie cloud passwords are 100% different from the most important disk-encryption passwords). Don’t even share the same Windows Logon password / disk encryption passwords.

Anything I’ve missed?

Many thanks to this guy…
http://www.infoworld.com/d/security-central/password-size-does-matter-531

You have got to be kidding!…

Can you say something about TrueCrypt compared to FileVault ( http://en.wikipedia.org/wiki/FileVault ) the encryption facility that is embedded in Mac OS X please?