Password for life? Yeah, maybe…

I just read an interesting blog post over on http://www.baekdal.com/tips/password-security-usability which makes a good case against requiring a jumble of random letters, numbers, mixed case and special characters. The writer claims the password “this is fun” would take about 2500 years to crack by brute force. (Any such figure depends on how many guesses per second the attacker is assumed to make: someone cracking a leaked password hash offline on a GPU tries billions of guesses a second, far more than a throttled login form will ever allow.)

Most business security policies require passwords of at least 8 characters, with upper and lower case, numbers and special characters, and on top of that they require you to change your password every so many days. Yes, very annoying, and people find not-so-creative ways to get around the forced changes. For instance, if your password is “Fubar#70”, the next time you are prompted you enter “Fubar#71”, and just keep incrementing it. An attacker who already has your old password needs only a handful of guesses to find the new one, so that kind of rotation buys almost nothing.

But if this person is right, and an 11-character, all-lower-case password would take thousands of years to crack, then maybe businesses should rethink their password policies? The search space is (alphabet size) to the power of (length), so length is the exponent: each extra lower-case character multiplies the space by 26, while piling symbols onto a short password only nudges the base.

Three simple words like “pass the gravy” would be far harder to brute-force than your “Fubar#70”, if only because 14 characters beat 8. The caveat is that a cracker can also guess passphrases word by word from a dictionary, so pick words an attacker would not expect together and avoid well-known phrases. If you want to see the estimates for yourself, go to this URL and give it a try, but type in a password of the same shape as yours rather than the real one: http://howsecureismypassword.net/
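As an added example (not code from the original post or from baekdal.com), here is a short Python script that computes the brute-force search space for the three passwords discussed above and converts it to an expected crack time under two assumed attacker rates: 100 guesses per second against an online login form, and 10 billion per second offline against a leaked fast, unsalted hash. It also shows what happens when the attacker guesses a passphrase as three words drawn from a 10,000-word list instead of character by character. The alphabet sizes, guess rates and wordlist size are all assumptions for illustration, not figures taken from either post.

```python
"""Added example (not from the original post or baekdal.com): estimate the
guess space and crack time for the passwords discussed above under stated,
assumed attacker models."""
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabets an attacker might enumerate (assumed). A real attacker picks the
# smallest set they believe covers the target.
LOWER = string.ascii_lowercase                                         # 26
LOWER_SPACE = LOWER + " "                                              # 27
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "  # 95

# Assumed guess rates, in guesses per second.
ONLINE_RATE = 100          # throttled login form, no account lockout
OFFLINE_RATE = 10 ** 10    # GPU against a leaked fast unsalted hash


def alphabet_for(password: str) -> str:
    """Smallest assumed alphabet that contains every character of the password."""
    for alpha in (LOWER, LOWER_SPACE, PRINTABLE):
        if all(c in alpha for c in password):
            return alpha
    raise ValueError("password uses characters outside the assumed alphabets")


def brute_force_space(password: str) -> int:
    """Number of strings of the same length over the same alphabet: base ** length."""
    return len(alphabet_for(password)) ** len(password)


def phrase_space(n_words: int, wordlist_size: int) -> int:
    """Guesses for a dictionary attack that tries every n_words-word phrase."""
    return wordlist_size ** n_words


def years_to_crack(space: int, rate: float) -> float:
    """Expected time in years, average case (half the space is searched)."""
    return space / 2 / rate / SECONDS_PER_YEAR


def compare(password: str, n_words: int = 0, wordlist_size: int = 10_000) -> dict:
    """Crack-time estimates for one password under the assumed attack models.

    If n_words is given, also estimate the phrase (dictionary) attack.
    """
    bf = brute_force_space(password)
    result = {
        "password": password,
        "length": len(password),
        "alphabet": len(alphabet_for(password)),
        "brute_force_space": bf,
        "online_years": years_to_crack(bf, ONLINE_RATE),
        "offline_years": years_to_crack(bf, OFFLINE_RATE),
    }
    if n_words:
        ps = phrase_space(n_words, wordlist_size)
        result["phrase_space"] = ps
        result["phrase_offline_years"] = years_to_crack(ps, OFFLINE_RATE)
    return result


if __name__ == "__main__":
    # The three passwords from the post; word counts are for the phrase attack.
    for pw, words in (("Fubar#70", 0), ("this is fun", 3), ("pass the gravy", 3)):
        r = compare(pw, words)
        line = (f"{r['password']!r}: {r['length']} chars over {r['alphabet']} symbols, "
                f"{r['brute_force_space']:.2e} guesses, "
                f"online {r['online_years']:.3g} y, offline {r['offline_years']:.3g} y")
        if "phrase_space" in r:
            line += (f"; as {words} words from a 10,000-word list: "
                     f"{r['phrase_space']:.2e} guesses, "
                     f"offline {r['phrase_offline_years']:.3g} y")
        print(line)
```

Two things the numbers make plain. First, under pure brute force 27^11 for “this is fun” is roughly the same size as 95^8 for “Fubar#70”, so the gain comes from adding characters, not from dropping the symbols: the 14-character “pass the gravy” is more than ten thousand times larger than either. Second, if the attacker models the phrase as three words from a modest wordlist, the space collapses to 10^12 guesses, which an offline GPU attacker finishes in about a minute. Length wins, but only against an attacker who has to search character by character.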

For the record, all my passwords are “p455w0rd” because I know nobody will ever guess that.


Comments 2

  1. Passphrases have always been more secure than passwords and easier to remember. Oddly enough I have run into password systems that wouldn’t let me store more than 8 characters (which is really dumb). Hopefully the future is the pass phrase and multifactor authentication.

    You should still rotate your passwords though. Especially if you’ve ever shared it with anyone (maybe your computer is virus and spyware free but is theirs?) or entered it into a public computer or used it on a public network.
