"In the first piece in this series we looked at the desirability
of choosing passwords made up of random characters chosen from as
large a pool as possible--preferably including upper and lower case
letters, numbers and special characters such as punctuation marks
"The SANS Institute recommends passwords should be at least 15
characters long, which effectively means that these password can't
be carried around in end users' heads. Let's take a look at how
secure a password this long would be.
"If we take a scenario in which user passwords are made up of
upper and lower case letters and numbers, each password character
can be one of 62 possible characters. A fifteen character password
thus has 62^15, or more than 750 million, million, million, million
possibilities. That's a lot. If you got a pool of a million
computers working on the problem, it would take about 2 million
million years to check them all."