@asuffield said:802.11 wireless networks. Public-key systems. Any unix or windows host where you can read a copy of the password database and merely have to break the hashes, or similar attacks that involve cracking open a captured database. In general, any case where you are dealing with data rather than a remote system. Most systems have a weakness of this form somewhere.Thank you for outlining some good ones that "structured" passwords should not be used on. Absolute random garbage is all I use on those.One thing that really irks me is when a system limits the maximum length of a password to something small. I forgot which site I'm a member of that does it, but it has a max of somewhere around 12 characters.I really need to implement across-the-board hashes as passwords. It'd make things much easier, but way more secure than what I'm doing on some of them.