You should not use passwords, period. Use passphrases.

L0phtcrack is kind of obsolete among the tools used for enumerating passwords. As mentioned earlier, rainbow tables are the latest and will munch through passwords in seconds, regardless of which alphanumeric characters you may have used. There are rainbow table forums where they have collectively collaborated on creating large sets of tables for LM (LanMan) passwords.

LM hashing is used by Windows for passwords <15 characters. Passwords/phrases >15 characters are automatically stored with NTLM hashing, which requires considerably larger rainbow tables (many, many GB) to be enumerated accurately. The NTLM hash is of course not foolproof, but it increases the security and your sense of safety.

If you still wish to use passwords <15 characters, at least turn off the use of the LM hash. This can be done in many ways, one of which is this (all these changes require administrator privileges):

WinKey+R >> secpol.msc >> Local Policies >> Security Options

Then find: "Network Security: Do not store LAN Manager hash value on next password change"

It is set to "Disabled" by default; change it to "Enabled" and reboot. Change your password and voila, you're done.

You could also take a look at thrashlm from toolcrypt.org, which removes the LM hash from the registry without a reboot. Link found here: http://www.toolcrypt.org/index.html?thrashlm

As for the plain registry hack for the registry addicts and unattended CD creators like myself out there, you can change this key/value:

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
    "LMCompatibilityLevel"=dword:00000000
    "NoLmHash"=dword:00000000

Change to:

    "LMCompatibilityLevel"=dword:00000003
    "NoLmHash"=dword:00000001

This changes the settings from both LM/NTLM to NTLM only.

Just to clarify, disabling the LM hash in this way will make the encrypted hash version of your password/phrase a lot safer from rainbow tables. It does _not_ make it safe to use short passwords against other cracking methods like brute forcing, so I still recommend that you not be lax with what type of password you have. At least this way you do not need a >15 character password to get NTLM security.

I hope this was helpful to someone at least, and in light of the Star Wars mood around now... may the security be with you.
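An added example, not part of the original post: a PowerShell script that reports the two Lsa values named above and, when run with -Fix, sets them to the post's target values. It assumes an elevated PowerShell session; the -Fix switch and the Get-LsaValue helper are names made up for this example.

```powershell
# Added example: audit (and optionally apply) the Lsa values from the post.
# Run elevated; -Fix writes to HKLM. Both -Fix and Get-LsaValue are this
# example's own names, not part of Windows.
param([switch]$Fix)

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Target values are the ones given in the post.
$Targets = [ordered]@{
    NoLmHash             = 1   # do not store an LM hash on next password change
    LMCompatibilityLevel = 3   # the post's "NTLM only" setting
}

function Get-LsaValue {
    param([string]$Name)
    # Returns $null when the value is absent from the key.
    $item = Get-ItemProperty -Path $LsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($name in $Targets.Keys) {
    $current = Get-LsaValue -Name $name
    [pscustomobject]@{
        Value   = $name
        Current = if ($null -eq $current) { '(not set)' } else { $current }
        Wanted  = $Targets[$name]
        # A missing value counts as not hardened. Higher LMCompatibilityLevel
        # values are stricter, so anything at or above the target passes.
        Ok      = ($null -ne $current) -and ($current -ge $Targets[$name])
    }
}
$report | Format-Table -AutoSize

if ($Fix) {
    $failing = @($report | Where-Object { -not $_.Ok })
    foreach ($row in $failing) {
        Set-ItemProperty -Path $LsaKey -Name $row.Value -Value $row.Wanted -Type DWord
        Write-Host "Set $($row.Value) to $($row.Wanted)"
    }
    # NoLmHash only takes effect on the next password change, so an LM hash
    # that is already stored stays until the account password is changed.
    Write-Host 'Reboot, then change each account password to drop stored LM hashes.'
}
```

Without -Fix the script only reads the key, so it can be run first to see what would change.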