Security Basics mailing list archives
Re: Suggested "safe" password length
From: "Simon Gray" <simong () desktop-guardian com>
Date: Mon, 17 Nov 2003 10:36:24 -0000
> I believe that you must keep the human factor in mind when deciding things
> like this.
> While the 'IQyJ$4)xv&' password described below may be quite secure from a
> pure-technology standpoint, how secure is the system when the only way your
> users can remember their password is to write it down and tape to their monitor?

It depends how often the password is used and what type of users they are. If the user has to enter the password several times a day, they will soon remember it. If you wanted to be really picky, what's to stop somebody installing a key logger and logging the password that way? Regardless of the length it'll still get used.

> The human factor can not be ignored!

Exactly true, this is why we don't use passwords; we use people's mobile phones instead as a kind of token. If you want a secure system with passwords, then you either enforce it, or you reduce your security and allow easy to remember passwords. As I said in my previous email: 'this does depend on what the password is authenticating you to? (Nuclear reactor? or your gym locker?)' for the strength you'll need. It's finding the balance for your situation.

Regards,
Simon Gray
Desktop Guardian Ltd
Developers of Identrica mobile phone based authentication
www.identrica.com