On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins <scottro at nyc.rr.com> wrote:
>>
>> I don't think anybody is missing anything. "Palindrome" in this context
>> may not be limited to real words; the author may be suggesting that you
>> not pick your password by picking a real word and tacking on its
>> reverse to make a palindrome, e.g., "password1drowssap".
>>
>
> Ah, that makes sense then, thanks.

I think the intent is: "Don't use a password likely to be included in
the list that an attacker would try". Of course if services would
rate-limit the failures by default or at least warn you about repeated
failures and their source, brute-force attacks would rarely succeed.
But fixing the problem doesn't seem to be the point here.

--
Les Mikesell
lesmikesell at gmail.com