Reply to post: @Paul Kinsler

Third of US banks OK with passwords even social networks reject

Tom 13

@Paul Kinsler

Up vote for doing the maths.

Still, there is a problem in that the maths are only a minor input into the real problem. We all know the most standard rule for passwords these days: x characters or more long, at least one each of upper, lower, number, special character. The problem is people. They want something they can remember, which usually reduces it to dictionary words with numbers and specials tossed in or morphed into l33t spe@k. So you're now at significantly less than 92^n instances you need to check. Then we get to the really interesting thing they found in a recent study. Given that rule, most people select EXACTLY one upper, lower, and special. And that drastically reduces the size of the dictionary hackers use for their attacks.

As the guy creating most of our email accounts I've gotten used to creating complex passwords from simple phrases (e.g.: B1t!nGtH3H@nDtHaTfE3d$; our email system doesn't allow dictionary words of 4 or more characters). And I have to say the most annoying websites are the ones that cut down your list of special characters and limit your word length. For the life of me I can't set one for our conferencing system and I can't memorize the ones they generate for you.
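An added worked example (not part of the comment above, nor code from the article): it compares the 92^n space with the number of passwords that actually satisfy the composition rule, and with the smaller space left when the upper-case letter, digit and special character each appear exactly once. The 26/26/10/30 split of the 92 symbols and the use of lower case as the filler class are assumptions, as are all function names.

```python
from itertools import combinations
from math import comb, factorial, log2

# Assumed split of the 92-symbol alphabet; the thread only gives the total.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 30}

def full_space(n):
    """Every length-n string over the whole alphabet: 92^n."""
    return sum(CLASSES.values()) ** n

def policy_space(n):
    """Strings containing at least one symbol from every class.

    Inclusion-exclusion over the set of classes that are missing.
    """
    sizes = list(CLASSES.values())
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** n
    return count

def exactly_one_space(n, singles=("upper", "digit", "special"), filler="lower"):
    """Exactly one symbol from each class in `singles`, the rest from `filler`."""
    k = len(singles)
    if n < k + 1:          # the filler class must appear at least once
        return 0
    placements = comb(n, k) * factorial(k)   # ordered positions for the singles
    choices = 1
    for name in singles:
        choices *= CLASSES[name]
    return placements * choices * CLASSES[filler] ** (n - k)

def bits_lost(n):
    """Entropy (in bits) given up by the exactly-one habit versus 92^n."""
    return log2(full_space(n)) - log2(exactly_one_space(n))

if __name__ == "__main__":
    for n in (8, 10, 12):
        print(f"n={n:2d}  92^n={full_space(n):.3e}  "
              f"policy={policy_space(n):.3e}  "
              f"exactly-one={exactly_one_space(n):.3e}  "
              f"lost={bits_lost(n):.1f} bits")
```

This counts random strings that fit the pattern; passwords built from dictionary words, as the comment describes, occupy a smaller space still.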


Biting the hand that feeds IT © 1998–2019