People say don't use passwords in the dictionary but if you use two words isn't it alright? Dictionaries have at least 10,000 entries so just two words will be 100,000,000 possibilities (and that's given if the attacker somehow knows it is an English word).
Is there something about the way passwords are stored that make them easier to crack if they are all numeric or all alphabetical characters?
An Nvidia GTX 560 Ti costs about $250 USD, and with something like http://www.golubev.com/hashgpu.htm enables you to try matching about 1.5 Billion NTLM password hashes a second.
This varies some depending on the hashing algorithm used but I wouldn't rely upon using two words from a dictionary of 10,000 entries.
A random passphrase is a good idea as has been said numerous times here. Two random dictionary words (from a 10000 word dictionary) is roughly as secure as a six random lower-case letters password, in practice this is quite weak (10000*10000 ~ 108, while 266 ~ 3 x 108).
If the hash is obtained and is a simple non-key-strengthened hash (regardless of whether their is a salt or not) it will take about a second to crack with a single modern GPU (which generates simple hashes (MD5, SHA-128/SHA-256/SHA-512, etc) at a rate of ~billion (109) hashes per second, assuming they know the method you generated your password (Kerckhoff's principle - always a good conservative assumption to make when analyzing a crypto-system).
Instead, I'd suggest a minimum of a four or five word passphrase; and for secure stuff e.g., encrypting your hard disk or an encrypted password list something like 7 to 9 words:
A five-word Diceware passphrase has an entropy of at least 64.6 bits; six words have 77.5 bits, seven words 90.4 bits, eight words 103 bits, four words 51.6 bits. Inserting an extra letter at random adds about 10 bits of entropy. Here is a rough idea of how much protection various lengths provide, based on updated estimates by A.K. Lenstra (See www.kelength.com). Needless to say, projections for the far future have the most uncertainty.
(Seven words from a 10000 word dictionary would take a billion modern gpus attacking at a billion attempts per second 317 years to brute-force).
But again beware reusing memorized passphrases at random places. First, you should never reuse passwords between different entities (any entity you give your password to, in theory could eavesdrop and record in plaintext). A malicious entity can even log incorrectly typed passwords and reuse at other places. Also a stupidly configured site may not allow long passphrases (spaces aren't allowed; or you need uppercase+symbols) or could silently truncate your passphrase (e.g., you only need to get the first/last 12 letters right and then it doesn't care).
That's why I suggest only using remembered passphrases for local stuff, passphrases for things I really need to remember (but still don't share amongst entities) like my email, and then having an encrypted list of unique randomly generated passwords/passphrases in the cloud on all my computers for everything else (besides a weak passphrase for stuff I don't care about being hacked). (I use keepassx as my password manager dropbox to keep the encrypted database shared amongst computers). I used to just use GPG and a bash script, but I find it has some handy features (like random password generation).
Whether or not a password is in a dictionary matters if and only if the attacker uses that dictionary to direct their attack. If I pick a Klingon word for my password, it will fare rather well if the attacker runs through a dictionary of English words, but it will fall pretty quickly if he tries the Klingon dictionary instead.
Likewise, if I compose a password out of several english words, my password will do fine if the attacker tries all the single english words in the dictionary, but does not try combining words. Alternately, if his attack dictionary consists of any set of words which contains my exact password, character-for-character, then my password will be guessed whenever he gets to it.
This may seem obvious and banal, but the point is that there is no magic to it. You want to make sure that any dictionary containing your password would have to be so large that the attacker will never get to your password anyway. The idea is to add lots of letters and avoid common, obvious patterns.
That's where all the password suggestions come from -- use mixed case, avoid names and words, use lots of letter, include symbols -- all of these suggestions decrease the likelihood that your password, letter-for-letter, symbol-for-symbol, will appear in the attacker's dictionary.
The strength of the password is defined by its entropy. By choosing the dictionary words, you are out of special/numeric characters, which reduces the value of that entropy. However by concatenation of two dictionary words, your password length is increased, which increases the value of the entropy.
You should consider a few kinds of brute-force attacks. The first one is common, brute-force which tries to guess your password character after character. The second one is dictionary brute-force attack. The attacker knows that your password is a dictionary-word. Why should he try to crack it letter after letter? Faster method is obviouse: try every word from the dictionary. The third method is a hybrid brute-force. The attacker knows the structure of your password, for example: {dictionary word}{3-digit number}. Knowledge of your password structure is a powerful stuff to faster his cracking method.
To sum up, the strenght of the password made of dictionary words is that it's easy to remember and its structure is unknown for the attacker. He should assume, that your password consists of unknown, random letters, without any pattern. However if your password policy is public and everyone knows how your password structure looks like (that it's a concatenation of dictionary words) then, the strength of your password is dramatically lower, 'cos the attacker could speed-up the cracking process by choosing the hybrid brute-force method.
Having any algorithm without randomness to generate your passwords is bad. 'Cos you need to keep in secret not only your passwords, but also this algorithm. If your algorithm leaks, attackers would be able to crack your passwords easier. Your algorithm is to take N words from the dictionary and concatenate them.
People tend to chose common words, words that are categorically similar, words arranged such that follow a form (e.g. "I [verb] [noun]" or "[adjective] [noun]"), and/or words that appear on the registration page. This cuts down the number of guesses needed drastically.
If you're going to take the route of combining words, go with 4 or 5 uncommon unrelated words and realize that humans tend towards patterns so really think about what you've come up with.
People say don't use passwords in the dictionary but if you use two words isn't it alright?
Let's backup a bit. There is nothing wrong with using several dictionary words to create a passphrase. After all, the Diceware system uses nothing but dictionary words. However, there is everything wrong when those dictionary words are not chosen randomly. And by random, I don't mean you dreaming up 7 words out of your head.
Now, if you took any dictionary and...
then your passphrase, created from your list of words, will have the maximum entropy (uncertainty, chaos, guess-factor) possible.
Strong passwords/passphrases are strong because they have a lot of entropy. Entropy is a product of the creation mechanism, not the passphrase contents! That's why every password you ever concocted in your head is basically worthless, because it has so little entropy, because the creation mechanism was not a random one.
Unconvinced? Let's try an example with an online analyzer that can measure the difference in entropy between a randomly made password and a "human" password. Let's analyze Cool Super Password.
And because we're so clever, we will change it up a little to k0Ol suP@h p4$$wUrd.
Now, on its face, if this were 100% randomly created, this 9519 keyspaced passphrase would clock in at around 112.34529 bits, because each symbol would have about 6.5699 bits of entropy (6.5699 × 19 graphemes). That's a max. (Set the analyzer to calculated Uncertainty to see this.)
But... I just made this passphrase up; it's not really random at all. So, I can't objectively assign each symbol that much entropy. I have to go with something closer to reality like 2.3 bits of entropy per symbol (Shannon, 1948). And if I were feeling merciless, I would choose 1.1 bits of entropy (Takahira, 2016), but let's use the 2.3 metric. (The analyzer lets you choose.)
At 2.3 bits per symbol, I have no more than 39.33 bits of total entropy. My 19-character passphrase is garbage, and would take a Brutalis about 987 milliseconds to crack! (See in analyzer).
The difference between a random password, and a human one, cannot be stressed enough. The issue is not whether you use dictionary words in your passphrase, the issue is how those words are selected. It's all about the creation mechanism, not the contents.
[DISCLAIMER] I created the passphrase.Life analyzer [/DISCLAIMER]
If the password hashing mechanism is any good then yes, building your password from randomly chosen words is a good password generation method, even if the list of possible words is short. Some notes, though:
"Randomly chosen" is important. Don't select the words with your mind; human brains cannot do proper randomness. Use a random generator (coins, dice...) to select each word and stick to the result (don't rethrow the dice if you do not like the selected words).
You will want to choose more than two words, rather three or four, because modern hardware is freakingly fast at trying a lot of combinations.
So you end up with the same method as the one described in this famous comic and it is fine. It has the drawback that a long password, well, is long; as such, you may find it irksome when typing it (depending on your typing speed and the input device, of course). Some password entry interfaces arbitrarily limit the password size to low values (e.g. 16 characters at most), for no good reason, but they nevertheless do it, and this makes them incompatible with list-of-words passwords.
Bad password hashing mechanisms exist. In particular, the infamous LanMan hash in old Windows system "hashes" a 14-character passwords as two separate 7-character words, and the two hashes are independent of each other. This allows for breaking them one at a time, which is of course much easier than trying to find the correct combination right away. See this answer for some more analysis on this subject.
If the password hashing mechanism really operates like a cryptographic hash function, as it should, then use of lowercase letters and English words offers no shortcut to the attacker.
