
Password strength?

When it comes to passwords, I've usually used a 10 character random mix of uppercase, lowercase, special and numeric characters, and have never had any issues with these being accepted as adequate. (Before I get told off, I have a different password for each application I use!)


However, when recently setting up a new application, my 10 character password was described by the system as "weak". So I used a 19 character password (again, a random mix of characters) and this time it was described as "fair".


Given that there are 256 ASCII characters, the determined hacker has a 1 in 5.709 X 10^45 chance of striking it lucky with my 19 character password. (I say lucky - he'd be sadly disappointed at what he found after all that effort). So my question is, what lengths would one have to go to, in order to create a password that could be described as strong?
  • I have often referred people to this XKCD, which, despite being a bit tongue in cheek, is very true in its basic thrust.

    And any system worth its salt imposes a short delay between retries - even a few hundred milliseconds is enough to slow down a machine attack to being not much faster than a typist.

    Really secure things do not use a password, complex or simple, as the sole means anyhow, as they are weak against human attacks - another valid point, as a cartoon.
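
The retry delay described in the reply above, as an added example that is not part of the original thread: a per-account throttle and the average online search time it implies. The class and function names, the 0.3 s delay and the demo password are assumptions made for illustration.

```python
import hmac
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


class RetryThrottle:
    """Enforce a minimum delay between login attempts for each account."""

    def __init__(self, delay_s=0.3, clock=time.monotonic):
        self.delay_s = delay_s
        self.clock = clock              # injectable so the demo needs no sleeping
        self._next_allowed = {}         # account -> earliest time of next attempt

    def attempt(self, account, supplied, check):
        """Return 'throttled', 'ok' or 'denied'; check(account, supplied) -> bool."""
        now = self.clock()
        if now < self._next_allowed.get(account, 0.0):
            # Reject without testing the password, so early guesses learn nothing.
            return "throttled"
        self._next_allowed[account] = now + self.delay_s
        return "ok" if check(account, supplied) else "denied"


def average_search_years(alphabet_size, length, delay_s):
    """Years to try half of all passwords at one guess per delay_s seconds."""
    keyspace = alphabet_size ** length
    return (keyspace / 2) * delay_s / SECONDS_PER_YEAR


def demo():
    """Three attempts 0.1 s apart against a 0.3 s throttle (constructed input)."""
    now = [0.0]
    throttle = RetryThrottle(delay_s=0.3, clock=lambda: now[0])
    secret = "constructed-demo-password"    # placeholder; real systems store a hash
    check = lambda account, pw: hmac.compare_digest(pw, secret)
    results = []
    for guess in ["a", "b", secret]:
        results.append(throttle.attempt("alice", guess, check))
        now[0] += 0.1
    return results


if __name__ == "__main__":
    print(demo())   # even the correct guess is refused inside the delay window
    print(f"{average_search_years(256, 19, 0.3):.3g} years")
```

The delay only limits guesses made through the login interface; it does nothing for guesses made offline against a copy of the stored password hashes.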