Password Question

katman96katman96 Member Posts: 4 ■□□□□□□□□□
I have a question about password practices while I have been studying for my Net + exam. I have seen a few documents that state you should keep your passwords to a minimum length. Is this true? if yes what is the reasoning behind it? Thanks


  • Options
    RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Yes that is true

    Minimum length should be 8 charachters and preferably using symbols as well. The reasoning behind this is that a simple password cracker will nail anything shorter way too quick (this can be as short as 10 minutes for a 6 charachter p/w that is text only).

    A nice and secure password would look something like this ...

    password = P@s$w0rD

    Note the use of charachters is not constant s = s and $ and not both $$ - the number 0 is there and also capitals are used for 2 charachters. All of these combine to create what is known as a complex password.
    FIM website of the year 2007
  • Options
    bluemasonbluemason Member Posts: 31 ■■□□□□□□□□
    Generally you'll find that passwords are required to be between 6-12 or 8-12 characters in length... if that wasn't imposed, you know someone would use 123 or abc icon_smile.gif ..but it all depends on the setup, of course ( afaik )
  • Options
    Chivalry1Chivalry1 Member Posts: 569
    I agree with my brother BlueMason , you have to enforce these types of policies on your network. Or people would have relatively easy passwords. A secure PASSWORD is important. Ensure that there is a good mixture of 3 THINGS: Letters, Characters, and Numbers.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
  • Options
    Ten9t6Ten9t6 Member Posts: 691
    Don't forget UPPER and lower case letters. icon_wink.gif

    But, you do need to watch all of this...it is a fine balance. If you force 8-12 character passwords with a combination of upper / lower case, numbers and special characters...and then you force regular password changes....users will try to find ways around the raised security. This leads to passwords taped to monitors, under keyboards, or in an open drawer at their desk. This defeats the purpose of the secure passwords. If you need to be really secure I would think about using some sort of multi-factor authentication..

    Just something to think about.

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
Sign In or Register to comment.