Home page logo

basics logo Security Basics mailing list archives

Re: Suggested "safe" password length
From: Alessandro <a.bottonelli () infinito it>
Date: Fri, 14 Nov 2003 20:34:27 +0100

On Thursday 13 November 2003 09:05, Ashish Sharma wrote:
I wanted to have an idea about what should be the suggested range of
password lengths and if there is any upper bound.

Don't know about any upperbound, but the more lenghty the password, the more 
likely the user will be tempted to write it down somewhere (which is bad).

Eight to ten characters is usually perceived as the right balance. In Italy, 
for personal/health data protection, the law sets the minimum lenght at 
EIGHT. If combined with GOOD passwords (no dictionary, some numbers, some 
capital) EIGHT is usually enough. If you are protecting very sensitive stuff, 
you may want to consider two-factor authentication, rather than going any 
further than EIGHT / TEN characters passwords.

Alessandro Bottonelli
CISSP, BS7799 Lead Auditor

The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]