Password requirements

There are still many people who get this wrong, so let us say it one more time:

If you haven’t gotten the memo, passwords with funny characters are not inherently safer than those without. As XKCD has pointed out, the password “Tr0ub4dor&3” (about 28 bits of entropy) would take a brute-force attacker 3 days to crack at 1000 guesses per second, while “correcthorsebatterystaple” (about 44 bits) would take that same attacker 550 years. Note that 1000 guesses per second is XKCD’s figure for an online attack against a throttled web service; an attacker who has stolen your password database and is running guesses offline against a fast hash manages billions per second, and then both passwords fall within hours. The absolute numbers depend on how you store passwords, but the ratio between the two does not. So if you think your cute little requirements are making your site and your users safer, then you’re clueless.

Long passwords are the answer.

If you require special characters or mixed case and believe that this actually increases security: it doesn’t, it decreases it. People answer such rules with the same predictable moves (a → 4, o → 0, a capital first letter, a trailing digit or “!”), and every cracking tool tries exactly those mangling rules first, so the rule adds a handful of bits at best while pushing users toward shorter, harder-to-remember passwords. You really should read up on it by now.
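To make the two points above concrete, here is an added example (not code from the original post) that reproduces XKCD’s arithmetic and contrasts a composition-rule policy with a length-only one. The 28-bit tally for “Tr0ub4dor&3” and the ~2048-word dictionary are XKCD’s own figures; the guess rates, the 16-character minimum and the two policy functions are assumptions chosen for illustration.

```python
import math

# Guess rates, assumed for illustration: XKCD's figure for a throttled
# remote web service, and a round number for an offline attack against
# a fast unsalted hash on GPU hardware.
REMOTE_GUESSES_PER_SEC = 1_000
OFFLINE_FAST_HASH_GUESSES_PER_SEC = 10_000_000_000

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# XKCD's tally of the entropy each trick contributes to a
# "Tr0ub4dor&3"-style password. Each trick only adds the bits the
# attacker cannot predict, and the contributions are summed.
XKCD_TROUBADOR_BITS = {
    "uncommon base word": 16,
    "capitalisation": 1,
    "common substitutions": 3,
    "appended numeral": 3,
    "appended punctuation": 4,
    "order of numeral and punctuation": 1,
}


def composition_entropy_bits(components=XKCD_TROUBADOR_BITS):
    """Entropy in bits of a mangled-word password: sum of the per-trick bits."""
    return sum(components.values())


def passphrase_entropy_bits(word_count, dictionary_size=2048):
    """Entropy in bits of word_count words drawn uniformly at random from a
    dictionary of dictionary_size words (XKCD assumes ~2048 common words)."""
    return word_count * math.log2(dictionary_size)


def seconds_to_search(entropy_bits, guesses_per_sec):
    """Time to exhaust a keyspace of 2**entropy_bits at the given guess rate."""
    return 2 ** entropy_bits / guesses_per_sec


def meets_composition_rule(password):
    """Hypothetical 'cute' policy: 8+ chars with upper, lower, digit, symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def meets_length_rule(password, min_len=16):
    """Hypothetical length-only policy: the one rule that tracks entropy
    for passwords humans actually pick."""
    return len(password) >= min_len


if __name__ == "__main__":
    candidates = [
        ("Tr0ub4dor&3", composition_entropy_bits()),
        ("correct horse battery staple", passphrase_entropy_bits(4)),
    ]
    for pw, bits in candidates:
        remote = seconds_to_search(bits, REMOTE_GUESSES_PER_SEC)
        offline = seconds_to_search(bits, OFFLINE_FAST_HASH_GUESSES_PER_SEC)
        print(f"{pw!r}: {bits:.0f} bits")
        print(f"  online  @1e3/s : {remote / SECONDS_PER_DAY:10.1f} days "
              f"({remote / SECONDS_PER_YEAR:.0f} years)")
        print(f"  offline @1e10/s: {offline / 60:10.1f} minutes")
        print(f"  passes composition rule: {meets_composition_rule(pw)}")
        print(f"  passes length rule     : {meets_length_rule(pw)}")
```

Running it shows the absurdity in one screen: the composition policy accepts the 28-bit password and rejects the 44-bit passphrase (no capital letter), while the length-only policy does the opposite. It also shows why the hashing question matters: at an offline rate of 10^10 guesses per second even the passphrase is exhausted in about half an hour, so a slow, salted password hash is what turns the 550-year figure into something real.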

This entry was posted in Development, Security.
