Home page logo
/

basics logo Security Basics mailing list archives

Re: Suggested "safe" password length
From: Rodrigo Otaviano <rodrigo () otaviano com>
Date: 15 Nov 2003 01:08:01 -0000

In-Reply-To: <059901c3aaa2$b3cf5880$1100a8c0 () dtg17>

Another good way to generate a password is by memorizing a 
long phrase and then picking the first letters of each word.

For example: "it's been 4 years since my graduation!"

The password would be" Isb4ysmg!"

At first sight it sounds like strange but it's very easy to remember 
once you've memorized the phrase. Of course, it would be 
interesting to mix both letters and numbers.

Rodrigo Otavio Paes de Barros Otaviano




I wanted to have an idea about what should be the suggested 
range of
password lengths and if there is any upper bound.



You may want to enforce say at least 1 numeric, and 1 
uppercase and maybe 1
lower case in that. Should also try to get your users to avoid 
using
dictionary words, even such as hell0, or fr3d etc.. Something like
'IQyJ$4)xv&' or 'z46he+^6**' would be a pretty strong password 
since it has
no real relevance to anything, however remembering that could 
be
interesting. That's the price you've got to pay for password 
security.

Hope this helps.

Regards,

Simon Gray
Desktop Guardian Ltd

Developers of Identrica
mobile phone based authentication
www.identrica.com


------------------------------------------------------
---------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web 
Services security to 
simplify the management and deployment of PGP and reduce 
overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/
ForumSystems_security-basics_031027 
------------------------------------------------------
----------------------



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]