Security Basics mailing list archives
Re: Suggested "safe" password length
From: Alessandro <a.bottonelli () infinito it>
Date: Fri, 14 Nov 2003 20:34:27 +0100
On Thursday 13 November 2003 09:05, Ashish Sharma wrote:
Hi, I wanted to have an idea about what should be the suggested range of password lengths and if there is any upper bound.
Don't know about any upperbound, but the more lenghty the password, the more likely the user will be tempted to write it down somewhere (which is bad). Eight to ten characters is usually perceived as the right balance. In Italy, for personal/health data protection, the law sets the minimum lenght at EIGHT. If combined with GOOD passwords (no dictionary, some numbers, some capital) EIGHT is usually enough. If you are protecting very sensitive stuff, you may want to consider two-factor authentication, rather than going any further than EIGHT / TEN characters passwords. -- Alessandro Bottonelli CISSP, BS7799 Lead Auditor www.axis-net.it --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- RE: Suggested "safe" password length, (continued)
- RE: Suggested "safe" password length dave kleiman (Nov 17)
- Re: Suggested "safe" password length Simon Gray (Nov 14)
- RE: Suggested "safe" password length Enquiries (Nov 16)
- Re: Suggested "safe" password length Robert & Marina Mantle (Nov 17)
- Re: Suggested "safe" password length Anders Reed-Mohn (Nov 18)
- Re: Suggested "safe" password length Peter Schawacker (Nov 18)
- Re[2]: Suggested "safe" password length Vishal (Nov 20)
- Re: Suggested "safe" password length Anders Reed-Mohn (Nov 20)
- Re[2]: Suggested "safe" password length Vishal (Nov 21)
- Re: Suggested "safe" password length Steve (Nov 17)
- RE: Suggested "safe" password length dave kleiman (Nov 17)
- RE: Suggested "safe" password length Ben Cain (Nov 17)
- RE: Suggested "safe" password length dave kleiman (Nov 17)
- Re: Suggested "safe" password length Simon Gray (Nov 17)