Password requirements

There are still many people who get this wrong, so let us say it one more time:

If you haven’t gotten the memo, passwords with funny characters are not inherently safer than those without. As XKCD has pointed out, the password “Tr0ub4dor” will take a brute-force hacker 3 days to crack at 1000 attempts per second, while “correcthorsebatterystaple” would take that same hacker 550 years. So if you think your cute little requirements are making your site and your users safer, then you’re clueless.

Long passwords are the answer.

If you require users to use special characters or to mix cases and believe that this actually increases security (it doesn’t; it decreases your security), you really should read up on it by now.
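To make the arithmetic behind those numbers concrete, here is a short Python script, added here as an illustration and not part of the original post, that turns an entropy estimate into a time-to-crack at a given guess rate. The 28-bit and 44-bit figures and the rate of 1000 guesses per second are the estimates the XKCD comic quoted above uses; the alphabet sizes and word-list sizes in the comparison rows are assumptions chosen for illustration.

```python
import math

# Constants for converting crack times into human-readable units.
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

# Entropy estimates and guess rate quoted in the post (taken from XKCD 936).
MANGLED_WORD_BITS = 28          # "Tr0ub4dor"-style: common word + substitutions
FOUR_WORD_PASSPHRASE_BITS = 44  # "correcthorsebatterystaple": 4 words from ~2048
GUESSES_PER_SECOND = 1_000      # the comic's (online-attack) guess rate


def char_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a string whose every character is chosen uniformly at
    random from an alphabet of `alphabet_size` symbols. This is the best
    case; human-chosen 'complex' passwords fall far below it."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of a passphrase of `word_count` words drawn uniformly
    (e.g. by dice) from a list of `wordlist_size` words."""
    return word_count * math.log2(wordlist_size)


def crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Time to exhaust a keyspace of 2**entropy_bits at the given guess rate
    (worst case for the attacker; the expected time is about half this)."""
    return 2.0 ** entropy_bits / guesses_per_second


def crack_days(entropy_bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    return crack_seconds(entropy_bits, guesses_per_second) / SECONDS_PER_DAY


def crack_years(entropy_bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    return crack_seconds(entropy_bits, guesses_per_second) / SECONDS_PER_YEAR


def policy_comparison(guesses_per_second: float = GUESSES_PER_SECOND):
    """Return (label, bits, years) rows for a few password-policy outcomes.
    Alphabet and word-list sizes are assumed values for illustration."""
    rows = [
        ("mangled dictionary word, 9 chars (the post's Tr0ub4dor figure)",
         MANGLED_WORD_BITS),
        ("4 random words from a 2048-word list (correcthorsebatterystaple)",
         passphrase_entropy_bits(4, 2048)),
        ("8 truly random chars from a 95-symbol alphabet",
         char_entropy_bits(8, 95)),
        ("6 random words from a 7776-word diceware list",
         passphrase_entropy_bits(6, 7776)),
    ]
    return [(label, bits, crack_years(bits, guesses_per_second))
            for label, bits in rows]


if __name__ == "__main__":
    print(f"At {GUESSES_PER_SECOND} guesses/s:")
    print(f"  {MANGLED_WORD_BITS}-bit mangled word: "
          f"{crack_days(MANGLED_WORD_BITS):.1f} days")
    print(f"  {FOUR_WORD_PASSPHRASE_BITS}-bit passphrase: "
          f"{crack_years(FOUR_WORD_PASSPHRASE_BITS):.0f} years")
    for label, bits, years in policy_comparison():
        print(f"  {bits:5.1f} bits  {years:14.1f} years  {label}")
```

Running it reproduces the post's figures: 28 bits is about 3.1 days and 44 bits about 558 years at 1000 guesses per second. The guess rate is the one number a site operator controls: it is the comic's online rate, while an offline attacker against a fast, unsalted hash can try many orders of magnitude more per second, which is exactly why the entropy gained from extra length matters more than the gain from a few substituted symbols.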

This entry was posted in Development, Security.

1 Response to Password requirements

  1. Pingback: Passwords | Hennings blog
