Password Question
I have a question about password practices while I have been studying for my Net + exam. I have seen a few documents that state you should keep your passwords to a minimum length. Is this true? If yes, what is the reasoning behind it? Thanks
Comments
-
RussS Member Posts: 2,068
Yes that is true
Minimum length should be 8 characters and preferably using symbols as well. The reasoning behind this is that a simple password cracker will nail anything shorter way too quick (this can be as short as 10 minutes for a 6 character p/w that is text only).
A nice and secure password would look something like this ...
password = P@s$w0rD
Note the use of characters is not constant s = s and $ and not both $$ - the number 0 is there and also capitals are used for 2 characters. All of these combine to create what is known as a complex password.
www.supercross.com
FIM website of the year 2007
-
bluemason Member Posts: 31
Generally you'll find that passwords are required to be between 6-12 or 8-12 characters in length... if that wasn't imposed, you know someone would use 123 or abc ..but it all depends on the setup, of course ( afaik )
-
Chivalry1 Member Posts: 569
I agree with my brother BlueMason, you have to enforce these types of policies on your network. Or people would have relatively easy passwords. A secure PASSWORD is important. Ensure that there is a good mixture of 3 THINGS: Letters, Characters, and Numbers.
"The recipe for perpetual ignorance is: be satisfied with your opinions and content with your knowledge." Elbert Hubbard (1856 - 1915)
-
Ten9t6 Member Posts: 691
Don't forget UPPER and lower case letters.
But, you do need to watch all of this...it is a fine balance. If you force 8-12 character passwords with a combination of upper / lower case, numbers and special characters...and then you force regular password changes....users will try to find ways around the raised security. This leads to passwords taped to monitors, under keyboards, or in an open drawer at their desk. This defeats the purpose of the secure passwords. If you need to be really secure I would think about using some sort of multi-factor authentication..
Just something to think about.
Kenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
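
The length and character-mix rules discussed in this thread, as an added example that is not part of any poster's message: a Python check for the 8-character minimum and the four character classes, plus the exhaustive-search space that motivates the length rule. The function names and the guess rate are assumptions chosen for illustration.

```python
import string

# Assumption: offline guess rate picked only for illustration, not a figure from the thread.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Return the set of character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def check_policy(password, min_length=8,
                 required=("lower", "upper", "digit", "symbol")):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    used = classes_used(password)
    for name in required:
        if name not in used:
            problems.append(f"missing {name} character")
    return problems

def search_space(length, class_names):
    """Candidates an exhaustive search must cover for this length and alphabet."""
    alphabet = sum(len(CLASSES[n]) for n in class_names)
    return alphabet ** length

def worst_case_seconds(length, class_names, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed guess rate."""
    return search_space(length, class_names) / rate

if __name__ == "__main__":
    # Constructed samples; the last one is the password quoted in the thread.
    for pw in ["abcdef", "password", "P@s$w0rD"]:
        print(pw, check_policy(pw) or "ok")
    short = search_space(6, ["lower"])
    mixed = search_space(8, ["lower", "upper", "digit", "symbol"])
    print(f"6 lowercase: {short:,} candidates")
    print(f"8 mixed:     {mixed:,} candidates ({mixed // short:,}x larger)")
```

These checks measure only length and composition; a dictionary word with character substitutions satisfies them, so they say nothing about how predictable a password is.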