
    Password Complexity, Good or bad?

    IT Discussion
    202 Posts 12 Posters 52.3k Views
      Deleted74295 Banned

      http://howsecureismypassword.com/

      Appears to be offline 😛

        BRRABill @Deleted74295

        @Breffni-Potter said:

        http://howsecureismypassword.com/

        Appears to be offline 😛

        .NET

          BRRABill

          thisisalongpassword = 607 million years

          thisisalongpasswor@ = 3 trillion years

            Dashrender @BRRABill

            @BRRABill said:

            @Breffni-Potter said:

            http://howsecureismypassword.com/

            Appears to be offline 😛

            .NET

            whoops

            https://howsecureismypassword.net/

              BRRABill @Dashrender

              @Dashrender said:

              whoops

              https://howsecureismypassword.net/

              At least it wasn't a porn site.

                Dashrender @BRRABill

                @BRRABill said:

                thisisalongpassword = 607 million years

                thisisalongpasswor@ = 3 trillion years

                Is there a real difference? A meaningful difference?

                  Dashrender @BRRABill

                  @BRRABill said:

                  @Dashrender said:

                  whoops

                  https://howsecureismypassword.net/

                  At least it wasn't a porn site.

                  Why?

                    BRRABill @Dashrender

                    @Dashrender said:

                    Is there a real difference? A meaningful difference?

                    Yes.

                    I plan to live between those two numbers, so I need the stronger password.

                      Dashrender @BRRABill

                      @BRRABill said:

                      @Dashrender said:

                      Is there a real difference? A meaningful difference?

                      Yes.

                      I plan to live between those two numbers, so I need the stronger password.

                      Just change it at least once between now and then and you should be fine.

                        BRRABill @Dashrender

                        @Dashrender said:

                        Is there a real difference? A meaningful difference?

                        My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

                          BRRABill @Dashrender

                          @Dashrender said:

                          Just change it at least once between now and then and you should be fine.

                          I was planning to just add another @ sign but apparently that is a no-no. 🙂

                            Dashrender @BRRABill

                            @BRRABill said:

                            @Dashrender said:

                            Is there a real difference? A meaningful difference?

                            My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

                            No one ever said take them out.. just that they aren't a requirement.

                            The general belief is that the more requirements you put on users, the more they will fight you. So do 12+ and have no requirements - you can suggest that they put in caps, numbers, special characters.. but not required.

                              BRRABill @Dashrender

                              @Dashrender said:

                              No one ever said take them out.. just that they aren't a requirement.

                              The general belief is that the more requirements you put on users, the more they will fight you. So do 12+ and have no requirements - you can suggest that they put in caps, numbers, special characters.. but not required.

                              Got it.

                              I'm glad you and I had this little discussion!

                                larsen161 @JaredBusch

                                @JaredBusch said:

                                12+ Characters, complexity not needed. 180+ day password cycle.

                                2FA is always nice, but I would never expect to get it going in a standard office environment.

                                Why would you never expect to get it going in an office?
                                It's been a straightforward implementation process in all of my last 3 companies.

                                  Dashrender

                                  @larsen161
                                  I won't speak for JB, but for me - it's all around cost.

                                    scottalanmiller @Dashrender

                                    @Dashrender said:

                                    @larsen161
                                    I won't speak for JB, but for me - it's all around cost.

                                    But you can do that for free.

                                      scottalanmiller @Dashrender

                                      @Dashrender said:

                                      @BRRABill said:

                                      @Dashrender said:

                                      Is there a real difference? A meaningful difference?

                                      My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

                                      No one ever said take them out.. just that they aren't a requirement.

                                      The general belief is that the more requirements you put on users, the more they will fight you. So do 12+ and have no requirements - you can suggest that they put in caps, numbers, special characters.. but not required.

                                      Exactly, don't block people from using them, that's totally different. You want people making long, hard, but easy for them to remember passphrases. Anything that undermines that undermines your security. So the goal is to provide more options and encouragement towards security, not introducing artificial constraints that add effort and frustration because those things work against security.

                                        scottalanmiller @Dashrender

                                        @Dashrender said:

                                        you can suggest that they put in caps, numbers, special characters.. but not required.

                                        I don't even know if I would do that. If those things happen naturally, great, but they literally do nothing for security, so encouraging them for their own sake is bad, even if it is just a gentle nudge. What you want most is non-repeating, long, easy to remember passphrases. Anything that doesn't encourage that isn't useful.

                                          scottalanmiller @BRRABill

                                          @BRRABill said:

                                          My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords.

                                          They don't, though. They add no complexity. They are "just another ASCII character", they are not a thing. The computer does not even know that you thought you added complexity. To the computer there are two kinds of complexity only: length and "not available in a dictionary", the dictionary meaning any list of things, not a dictionary book. A dictionary could include "list of common passwords", for example.

                                            scottalanmiller @BRRABill

                                            @BRRABill said:

                                            thisisalongpassword = 607 million years

                                            thisisalongpasswor@ = 3 trillion years

                                            How is that calculated? That's not based on math alone; those two are literally identical. That has to be based on a dictionary attack; if so, it's not the @ sign that does it.

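Added example, not written by any poster in the thread and not the estimator site's actual algorithm: it scores the two passwords quoted above under the models the thread argues about, a per-class alphabet count, a flat search over printable ASCII, and a wordlist split. The wordlist is a constructed sample, and the 10,000-entry `list_size` and the class-pool model are assumptions.

```python
import math
import string

# Character classes a naive strength meter credits to the search alphabet.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]          # 26 + 26 + 10 + 32 = 94
# Constructed sample wordlist; a real one would also hold common passwords.
WORDLIST = {"this", "is", "a", "long", "password", "correct", "horse"}


def pool_size(pw):
    """Alphabet size under the model that counts only the classes in use."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))


def class_based_bits(pw):
    """log2(pool ** length): the score that jumps when one symbol is added."""
    return len(pw) * math.log2(pool_size(pw))


def full_ascii_bits(pw):
    """log2(94 ** length): all non-space printable ASCII, classes ignored."""
    return len(pw) * math.log2(sum(len(c) for c in CLASSES))


def split_into_words(pw, words=WORDLIST):
    """Fewest-word segmentation of pw into wordlist entries, or None."""
    best = [None] * (len(pw) + 1)
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + [pw[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(pw)]


def dictionary_bits(pw, list_size=10_000, words=WORDLIST):
    """log2(list_size ** word_count); list_size is an assumed wordlist size."""
    parts = split_into_words(pw, words)
    return None if parts is None else len(parts) * math.log2(list_size)


if __name__ == "__main__":
    for pw in ("thisisalongpassword", "thisisalongpasswor@"):
        print(pw, pool_size(pw), round(class_based_bits(pw), 1),
              round(full_ascii_bits(pw), 1), split_into_words(pw),
              dictionary_bits(pw))
```

Under the per-class model the `@` moves the score from about 89 to about 111 bits, while the flat 94-character model gives both strings the same value; the only other change is that the second string no longer splits into wordlist entries.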