Sunday, December 10, 2006
Passwords: longer, or more complicated?
Everyone tells you to put funny characters into your password, and a lot of places require it, but how much good does it do?
That question is harder than it sounds. But it's just high school math, and Excel will handle it easily.
As long as the password is randomly generated or otherwise completely unpredictable, a 10-character password drawn from just the lower-case letters beats a 7-character password jumbled with numbers, mixed-case letters, and punctuation.
Adding two letters to the length generally does as much or more good than making the password look like comic book profanity.
This means you can use a password that is easier on the eyes, easier to memorize, and easier to type on a foreign keyboard as long as you make it at least 9 characters long and include both upper and lower case.
But really, the best compromise between something you can memorize and something that's provably safe is a multiple-word "passphrase" you generate at random from a word list like the one at Diceware. A four-word passphrase is enough for almost all purposes, and a six-word passphrase is not feasible to guess. The cool thing is that you can usually make up a silly, picturesque story to go with the string of random words to help you remember it.
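The arithmetic behind these comparisons, as an added example in Python rather than the author's spreadsheet. The alphabet sizes are assumptions, since the post does not say which symbols it counted: 26 lower-case letters, 52 mixed-case letters, 94 printable ASCII characters, and a 7776-word Diceware list.

```python
import math

# Assumed alphabet sizes (the post does not list the symbols it counted).
LOWER = 26        # a-z
MIXED = 52        # a-z and A-Z
PRINTABLE = 94    # printable ASCII without the space
DICEWARE = 7776   # words in a Diceware list: five dice rolls, 6**5


def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets when every position is picked uniformly at random."""
    return symbols ** length


def bits(symbols: int, length: int) -> float:
    """Entropy in bits of such a secret; only valid for truly random choices."""
    return length * math.log2(symbols)


def min_length_to_match(symbols: int, target: int) -> int:
    """Shortest length over `symbols` whose keyspace is at least `target` (exact integers)."""
    length = 0
    while keyspace(symbols, length) < target:
        length += 1
    return length


def report() -> list[tuple[str, int, float]]:
    """Rows of (description, units needed to match 7 random printable chars, bits at that length)."""
    target = keyspace(PRINTABLE, 7)
    rows = []
    for name, symbols in (("lower-case letters", LOWER),
                          ("mixed-case letters", MIXED),
                          ("Diceware words", DICEWARE)):
        n = min_length_to_match(symbols, target)
        rows.append((name, n, round(bits(symbols, n), 1)))
    return rows


if __name__ == "__main__":
    print(f"7 printable chars: {bits(PRINTABLE, 7):.1f} bits")
    for name, n, b in report():
        print(f"{n:>2} {name:<20} {b:.1f} bits")
    print(f" 6 Diceware words       {bits(DICEWARE, 6):.1f} bits")
```

These figures hold only when each character or word is chosen at random; a human-chosen password has far fewer realistic candidates than its keyspace suggests.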