Linux Today: Linux News On Internet Time.

Does Size Matter? Picking a Sane Password Policy

Sep 22, 2009, 16:35
(Other stories by Paul Rubens)

"In the first piece in this series we looked at the desirability of choosing passwords made up of random characters chosen from as large a pool as possible--preferably including upper and lower case letters, numbers and special characters such as punctuation marks and symbols.

"The SANS Institute recommends passwords should be at least 15 characters long, which effectively means that these passwords can't be carried around in end users' heads. Let's take a look at how secure a password this long would be.

"If we take a scenario in which user passwords are made up of upper and lower case letters and numbers, each password character can be one of 62 possible characters. A fifteen character password thus has 62^15, or more than 750 million, million, million, million possibilities. That's a lot. If you got a pool of a million computers working on the problem, it would take about 2 million million years to check them all."
