Really helpful response, Pinhedd--thanks so much!
Pinhedd :
This does not mean that the password vault file itself is useful to the attacker, however, as most password vault/keychain applications block encrypt the file using strong symmetric encryption such as AES-256. As long as a completely unique and non-derivative password is used to protect this file the contents should be safe even if the file is obtained by an attacker. A password of length 15-20 characters would take all of the computers on the planet several generations to guess; you would be long dead by then.
Okay, right--so, the follow-up question I have is: what makes a strong password? For instance, is this a strong password: "youaretheappleofmyeye"? Or does a password have to look random, like "TP$w08K90lAaw!R," to be strong?
I ask, because if I type in "youaretheappleofmyeye" to any of the password strength estimators that I've linked to below, they all say it's great, but the advice I get about making a strong password is to use numbers, symbols, upper and lower case, and no dictionary words. So, what's going on here/what am I not understanding?
- https://howsecureismypassword.net/
- https://passfault.appspot.com/password_strength.html
- https://www.grc.com/haystack.htm
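
An added illustration, not part of the original post and not the code of any of the linked estimators: it scores the two passwords from the question under a character-by-character brute-force model and under a guess-whole-words model. The sample word list and the 2048-word dictionary size are assumptions made for this example.

```python
import math
import string

# Character classes as a character-by-character brute-force model sees them.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def charset_size(password):
    """Alphabet size implied by the character classes present in the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2(alphabet ** length): search space when guessing one character at a time."""
    return len(password) * math.log2(charset_size(password))

def segment(password, words):
    """Fewest words from `words` that concatenate to the password, or None."""
    best = [None] * (len(password) + 1)
    best[0] = []
    for end in range(1, len(password) + 1):
        for start in range(end):
            piece = password[start:end]
            if best[start] is not None and piece in words:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(password)]

def wordlist_bits(password, words, dictionary_size):
    """log2(dictionary_size ** word_count) when the password is only dictionary words.

    This treats the words as chosen independently at random, so for a
    familiar phrase it is an upper bound, not an estimate.
    """
    parts = segment(password, words)
    return None if parts is None else len(parts) * math.log2(dictionary_size)

# Constructed sample word list (assumption: a real guessing dictionary is far larger).
SAMPLE_WORDS = {"you", "are", "the", "apple", "of", "my", "eye", "a", "app"}
ASSUMED_DICT_SIZE = 2048  # assumed size of a common-words dictionary

if __name__ == "__main__":
    for pw in ("youaretheappleofmyeye", "TP$w08K90lAaw!R"):
        print(pw, round(brute_force_bits(pw), 1),
              wordlist_bits(pw, SAMPLE_WORDS, ASSUMED_DICT_SIZE))
```

Under the character model the 21-letter phrase and the 15-character mixed password come out at nearly the same size, which is why a length-and-alphabet estimator rates both highly; only the word-based model separates them.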