Which Is Better ...

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Mar 8, 2011.

  1. .... to use more different kinds of characters in a password (mixed-case,
    digits etc), or to just make the password longer?
     
    Lawrence D'Oliveiro, Mar 8, 2011
    #1
    1. Advertising

  2. Lawrence D'Oliveiro

    Enkidu Guest

    On 08/03/11 23:52, Lawrence D'Oliveiro wrote:
    >
    > ... to use more different kinds of characters in a password (mixed-case,
    > digits etc), or to just make the password longer?
    >

    Using a long password with lots of different characters. Duh!

    Cheers,

    Cliff

    --

    The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

    The end excuses any evil - Sophocles
     
    Enkidu, Mar 8, 2011
    #2
    1. Advertising

  3. Lawrence D'Oliveiro

    peterwn Guest

    On Mar 8, 11:52 pm, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > ... to use more different kinds of characters in a password (mixed-case,
    > digits etc), or to just make the password longer?


    6 characters a-z 309M
    6 characters a-z, A-Z, 0-9, specials (80 in all say) 262,144M
    10 characters a-z 141,167,095M
    10 characters a-z, A-Z, 0-9, specials (80 in all say)
    10,737,418,240,000M

    If either/or - just make the password longer.

    I think the reason some applications require digits and special
    characters in passwords it it forces a user to use a reasonably decent
    password, but a user could still use a fairly feckless password like
    'password8#' .

    The worst case scenario is if the 'cracker' obtains the password
    'hashes' stored on a system. the 'cracker' can run them through a
    cracking program which would with a bit of luck unmask some weak
    passwords fairly quickly.
     
    peterwn, Mar 8, 2011
    #3
  4. In article <4d768c09$>, Enkidu <> wrote:
    >On 08/03/11 23:52, Lawrence D'Oliveiro wrote:
    > >
    >> ... to use more different kinds of characters in a password (mixed-case,
    >> digits etc), or to just make the password longer?
    > >

    >Using a long password with lots of different characters. Duh!


    :)
    There are accepted standards for 'strong' (vs 'weak') passwords.
    One of the suggestions is, at least 3 of the 4 types listed here (preferably
    all 4 of course) ...
    lower case letters
    upper case letters
    numbers
    special characters

    After that, longer is better than shorter, and there are some
    places/sites/organisations that set a minimum length - I think (hope ?
    :) ) you'll find banks in that category. :)

    Of course, all that is rendered useless if your passwords are so long and
    convoluted that you can't remember them and write them down instead. :) :)
     
    Bruce Sinclair, Mar 8, 2011
    #4
  5. In message
    <>, peterwn
    wrote:

    > I think the reason some applications require digits and special
    > characters in passwords it it forces a user to use a reasonably decent
    > password, but a user could still use a fairly feckless password like
    > 'password8#' .


    That’s easily ruled out with a dictionary scan at the password-vetting
    stage, though. Like pam_cracklib does.
     
    Lawrence D'Oliveiro, Mar 9, 2011
    #5
  6. Lawrence D'Oliveiro

    Richard Guest

    On 9/03/2011 12:59 p.m., Bruce Sinclair wrote:
    > In article<4d768c09$>, Enkidu<> wrote:
    >> On 08/03/11 23:52, Lawrence D'Oliveiro wrote:
    >>>
    >>> ... to use more different kinds of characters in a password (mixed-case,
    >>> digits etc), or to just make the password longer?
    >>>

    >> Using a long password with lots of different characters. Duh!

    >
    > :)
    > There are accepted standards for 'strong' (vs 'weak') passwords.
    > One of the suggestions is, at least 3 of the 4 types listed here (preferably
    > all 4 of course) ...
    > lower case letters
    > upper case letters
    > numbers
    > special characters
    >
    > After that, longer is better than shorter, and there are some
    > places/sites/organisations that set a minimum length - I think (hope ?
    > :) ) you'll find banks in that category. :)
    >
    > Of course, all that is rendered useless if your passwords are so long and
    > convoluted that you can't remember them and write them down instead. :) :)


    Writing them down is fine if you protect the written down password.

    I find places that insist on mixed case and numbers a pain in the ass
    when entering them on the phone, would rather have 18-20 characters that
    I can quickly bang out rather than having to use shift and character all
    the time.

    Stupid bank of mine requires 8 characters, no more. Thats annoying since
    it breaks my system.
     
    Richard, Mar 10, 2011
    #6
  7. In message <il9k5f$iih$>, Richard wrote:

    > I find places that insist on mixed case and numbers a pain in the ass
    > when entering them on the phone, would rather have 18-20 characters that
    > I can quickly bang out rather than having to use shift and character all
    > the time.


    One of my early Java exercises was a program that generated random words
    based on simple syllable-construction rules that tried to keep the results
    pronounceable, after a fashion. Here’s some sample output:

    aueuloyey
    oowtaejsuydh
    thowluwhquu
    quaighous
    akhniuktuolt
    xawoaghdawz
    ewoudau
    leurdeioa
    oorthquayoa
    aechsawnouf
    vinbreeam
    lezhreeyooch
     
    Lawrence D'Oliveiro, Mar 10, 2011
    #7
  8. Lawrence D'Oliveiro

    EMB Guest

    On 9/03/2011 9:28 a.m., peterwn wrote:

    > The worst case scenario is if the 'cracker' obtains the password
    > 'hashes' stored on a system. the 'cracker' can run them through a
    > cracking program which would with a bit of luck unmask some weak
    > passwords fairly quickly.
    >

    It took me less than 24 hours to get the passwords for 95% of our 10,000
    users using this method.
     
    EMB, Mar 12, 2011
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand
    Replies:
    3
    Views:
    839
    unholy
    Jul 11, 2005
  2. Tony Carlisle

    Why doesn't the better camera have a better dpi?

    Tony Carlisle, Oct 2, 2003, in forum: Digital Photography
    Replies:
    6
    Views:
    471
    Mark Herring
    Oct 4, 2003
  3. The Jesus of Suburbia

    Microcontrollers: which one ? which language ? which compiler ?

    The Jesus of Suburbia, Feb 11, 2006, in forum: NZ Computing
    Replies:
    2
    Views:
    559
  4. thingy

    The SCO case gets better and better....

    thingy, Dec 10, 2006, in forum: NZ Computing
    Replies:
    2
    Views:
    356
  5. dh@.
    Replies:
    1
    Views:
    499
    PTravel
    Aug 28, 2008
Loading...

Share This Page