Security Basics mailing list archives

Re: Suggested "safe" password length


From: Alessandro <a.bottonelli () infinito it>
Date: Fri, 14 Nov 2003 20:34:27 +0100

On Thursday 13 November 2003 09:05, Ashish Sharma wrote:
> Hi,
> I wanted to have an idea about what should be the suggested range of
> password lengths and if there is any upper bound.

Don't know about any upper bound, but the more lengthy the password, the more
likely the user will be tempted to write it down somewhere (which is bad).

Eight to ten characters is usually perceived as the right balance. In Italy,
for personal/health data protection, the law sets the minimum length at
EIGHT. If combined with GOOD passwords (no dictionary, some numbers, some
capital) EIGHT is usually enough. If you are protecting very sensitive stuff,
you may want to consider two-factor authentication, rather than going any
further than EIGHT / TEN character passwords.

-- 
Alessandro Bottonelli
CISSP, BS7799 Lead Auditor
www.axis-net.it
