Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Management

From: Kelly Martin <kel () securityfocus com>
Date: Fri, 21 Apr 2006 15:49:13 -0400
Jason T. Hallahan wrote:

I read somewhere that the optimal password length for a Windows system
is actually 7 alphanumeric characters... can anyone verify or expand
on that?
You can find some good insight in the interview we published with Solar Designer, who created the password cracker John the Ripper. Long passwords (or better, passphrases) are definitely better, but if someone can get the LM hash offline it's likely still game over no matter what (given enough resources). http://www.securityfocus.com/columnists/388/2. It's always a balance between a good password and one that the user can actually remember.
My personal view is that it's better to enforce a strong password but don't require that it be changed too often... so many users take a strong password and just enumerate it slightly if it needs to be changed every month. 

-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. 
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: