Password Strength vs Expiration
-
I feel like we've had this discussion before but it's worth noting again...longer, stronger passwords are far more effective than making a user change their password every 90 days. When it comes to breaking passwords, it's not about complexity. It's about length. Interestingly enough, I saw a company today that actually made that exact point: Facebook.
While they didn't mention length, they talked about strength. A non-complex password that is longer beats a shorter, complex password. Complexity fools people but not computers. I'm sure we've all seen the XKCD comic:
But I just saw that today and felt the point was worth repeating, because so many companies don't seem to get it...
-
I like websites that allow spaces in the passwords. This makes for some easy to remember, yet hard to guess phrases.
-
@dafyre said:
I like websites that allow spaces in the passwords. This makes for some easy to remember, yet hard to guess phrases.
I still regularly run into sites that have password length caps. I've even seen caps as low as ten characters as recently as the past couple weeks!
-
@thanksajdotcom Sadly, that makes two of us.
-
@dafyre said:
@thanksajdotcom Sadly, that makes two of us.
What made it worse was it also allowed no special characters. All I could think is "what is this antiquated system they are on?!"
-
@thanksajdotcom KeePass to the rescue, lol.
-
