Heh…
Character-for-character, password length is more important for security than complexity. Requiring complexity but allowing passwords to remain short makes passwords more vulnerable to attack than simply requiring easier-to-remember, longer passwords. Password size does matter
I am not sure I understand the debate here. Why can’t it be a little of both? Roger is arguing that complexity doesn’t really matter if the length is suffient. Others counter that using the characters Roger says most people don’t use is suffient. What seems to be missing is that people don’t use long passwords or complex passwords. Plus people give out their passwords all the time to anyone.
So what is the point of this argument if no one is going to follow this advice in the real world? If you say it has to be a minimum of 8 characters, then 90% will meet that minimum and have no more. I would love to hear the ire policy makers face when they require passwords with a minimum of 32 characters.
Leave a Reply