How to Choose a Good Password
March 15, 2009 By
harnessing the human side of security
Engage with Michael Santarcangelo
About Michael Santarcangelo
Michael Santarcangelo is the catalyst* called upon to deliver successful results when others have struggled and failed to harness the human side of security. Blending a degree in human ecology with … [Read More...]
Effective Communication of Security
Effective communication of security ensures that whether written, spoken or blended across delivery options efforts are positioned to reduce friction, bring technology and business objectives into alignment and inspire those we serve to … [Read More...]
Thanks guys! I was looking for a good clip to segue into a brief discussion about basic password policies over at the Intern’s Revenge blog. Although I was a little surprised about advising people to use two dictionary words as a “strong password.” Am I alone in thinking that’s not good practice?
Strength is determined as a factor of the overall “key space” and the length. Assuming uppercase, lowercase digits and non-alpha characters are allowed, then the longer password is better. While we like to beat people about the head and shoulders to suggest they need to choose inane combinations as a password, taking two words that they know, and joining them together with some non-standard characters creates a long password that should not fall prey to dictionary attacks.