Options

password length?

baquimmbaquimm Member Posts: 4 ■□□□□□□□□□
in Security+
Hello all - Could someone please tell me the optimal password length needed? In the Sybex book it states 10 characters, but in another quiz I was taking it said 8 (10 was an option, but it marked it wrong). I looked at the tech notes but it did not state a recommended length.

Thanks again!
· Share on FacebookShare on Twitter

Comments

  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    There isn't one. It's going to vary based on things like processor power (for cracking the password), how important what you're trying to secure is, etc. Each character you add will increase the strength exponentially, so longer is better (that's what she said), to a point. If you make them too long and complex, people will just write them down and compromise the security you're trying to achieve. Length isn't everything either (that's what she said). If you just use a long, common word, it can quickly be cracked. You should consider making passwords meet some sort of complexity requirements (numbers, changing case, special characters) as well. Some people recommended leaving out all the special characters (which can make passwords difficult to remember) and instead increase the length and use a nonsensical phrase that's easy to remember but difficult to crack, like purplebananaplaypencoaster. That's a 26 character password which is easy to remember!

    I think 8-10 as a general rule is fine. I believe 8 is starting to be come weak though, so you may want to use 9+ in practice.
    · Share on FacebookShare on Twitter
  • Options
    baquimmbaquimm Member Posts: 4 ■□□□□□□□□□
    Thanks, I did see in another section of technotes it stated 8 as minimum, but I agree that even that is becoming weak. I guess for the test I will use 8, but in practice I will recommend 10.
    · Share on FacebookShare on Twitter
  • Options
    rbutturinirbutturini Member Posts: 123
    I would say 8 will be correct for the exam. I think that's based around the principle of how Windows LM hashes work and if you have less than 8 it can easily be detected.
    · Share on FacebookShare on Twitter
  • Options
    astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    8 characters is the answer CompTIA is looking for (butturini touched on the reason). But pass phrases like dynamik mentioned are far more secure, rainbow tables have made even complex 8 character passwords relatively easy to break and it's only going to get worse.

    "Maryhad16littlelambs2choosefrom!" is a great password - the challenge is many users have trouble accurately typing that into a masked password field (where they can't see what they've typed).
    twitter: @astorrs
    profile: linkedin.com/in/astorrs
    · Share on FacebookShare on Twitter
  • Options
    nangananga Member Posts: 201
    i dont think there is a good password strength as such. Like they say for cryptographic keys, they are considered safe until they are broken.

    But to make your password strong there are tricks u can use
    -non dictionary words
    -alphanumeric characters
    -mix upper and lower case
    -use special characters
    -use a combination of 2 languages to make up your password.
    -dont use common words or slangs
    -........................many more
    - if are so strict , try using a password recovery tool such as john ripper, Loptcrack etc to audit your own password.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.