Sunday, September 4, 2016

Password Complexity and Length:

We all know we should be making passwords 16 characters in length with uppercase, lowercase, numeric, special character, and ending in a letter.  
  • Example:  Tdkhg#8fjw*jf2h
Problem is that with today's computational power along with the available pre-built dictionaries, this is not as strong as once thought.  Pre-built dictionaries are easily obtainable that are being constantly updated with the 100's of millions of passwords obtained through data breaches.  

Users should be at least using a password manger such as "" or "".  Offline password manager recommended is "Password Safe", designed by renowned security technologist Bruce Schneier.  

When creating a new password today, use passwords that are 30+ characters in length to make bruteforce password cracking exponentially more difficult.  This can easily be done when using a password manger.  What about the password used to access the password manger vault?  Still use 30+ characters but create a sentence you can easily remember.  This will still retain the strength of an auto generated password with traditional password complexity requirements.  
  • Example.  ThisIsAGreatSiteAndILoveItSoMuch.  (This Is A Great Site And I Love It So Much.)  According to "", this password on average home computer today would take 10,000 centuries to bruteforce.
To strengthen password complexity today, remember that length can provide complexity.  

**Never re-use passwords on different sites and try to use different usernames also.  Use a password manger to assist. 

No comments:

Post a Comment