Comments on: How to Choose a Good Password http://www.securitycatalyst.com/how-to-choose-a-good-password/ Michael Santarcangelo delivers Awareness that Works™ Mon, 28 Jun 2010 13:51:54 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: admin http://www.securitycatalyst.com/how-to-choose-a-good-password/comment-page-1/#comment-894 admin Tue, 31 Mar 2009 12:24:20 +0000 http://www.securitycatalyst.com/?p=1369#comment-894 Strength is determined as a factor of the overall "key space" and the length. Assuming uppercase, lowercase digits and non-alpha characters are allowed, then the longer password is better. While we like to beat people about the head and shoulders to suggest they need to choose inane combinations as a password, taking two words that they know, and joining them together with some non-standard characters creates a long password that should not fall prey to dictionary attacks. Strength is determined as a factor of the overall “key space” and the length. Assuming uppercase, lowercase digits and non-alpha characters are allowed, then the longer password is better. While we like to beat people about the head and shoulders to suggest they need to choose inane combinations as a password, taking two words that they know, and joining them together with some non-standard characters creates a long password that should not fall prey to dictionary attacks.

]]> By: Intern's Revenge http://www.securitycatalyst.com/how-to-choose-a-good-password/comment-page-1/#comment-893 Intern's Revenge Tue, 31 Mar 2009 04:48:49 +0000 http://www.securitycatalyst.com/?p=1369#comment-893 Thanks guys! I was looking for a good clip to segue into a brief discussion about basic password policies over at the Intern's Revenge blog. Although I was a little surprised about advising people to use two dictionary words as a "strong password." Am I alone in thinking that's not good practice? Thanks guys! I was looking for a good clip to segue into a brief discussion about basic password policies over at the Intern’s Revenge blog. Although I was a little surprised about advising people to use two dictionary words as a “strong password.” Am I alone in thinking that’s not good practice?

]]>