Security Basics mailing list archives
RE: Suggested "safe" password length
From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
Date: Tue, 18 Nov 2003 12:15:21 -0500
:) I was waiting for someone to mention this.

Bruce Schneier advocates this approach:

"My wallet is already a secure container; it has valuable things in it, and I have a lifetime of experience keeping it safe. Adding a piece of paper with my passwords seems like a natural thing to do."
http://uk.biz.yahoo.com/030902/244/e7d3m.html

It actually makes a lot of sense. A cryptic 'hard to remember' password tends to be far more difficult to brute force, so why not just go with it, have people write it down, and instruct them to keep the paper safe? It becomes a little like an authentication token.

As someone else pointed out, once they've entered it a certain number of times they will remember it anyway, at which point they won't have to pull out their wallets every time they need to log in.

-----Original Message-----
From: Anders Reed-Mohn [mailto:anders_rm () utepils com]
Sent: Tuesday, November 18, 2003 8:19 AM
To: security-basics () securityfocus com
Subject: Re: Suggested "safe" password length

----- Original Message -----
From: "Robert & Marina Mantle" <rwmantle () rogers com>
True, although best practices suggest a password of at least 8 characters, too long a password and users will have a tendency of writing them down rather than attempt to commit them to memory.
Well, why not just let them write it down? Put it on a piece of paper, and let them keep it in their wallet (not under the keyboard, naturally).

I mean.. banks trust this approach, why can't we?

Cheers,
Anders :)