Password Rules

By JKHoffman, 2 April, 2021

Do you know those horrible password rules about adding random characters and numbers and stuff?

IT professionals hate them, too. Honest. I can say that because I am, in fact, an IT professional and have been for just shy of thirty years. (You can read more about my qualifications to call myself an IT pro at my other website, which includes Jim Hoffman's CNE Resume, because, yes, I've been doing this so long I'm certified in things that no one really uses anymore.) I remember when the standard for passwords changed, requiring normal people to do things like including special characters or numbers and a mix of upper case and lower case letters. We were told that it would make the resulting passwords exponentially harder to guess. At the time, that may have been true, though I doubt it. It turns out, those rules were written by a government bureaucrat who used an out-of-date white paper to make his recommendations. And, now, even that bureaucrat regrets making those rules that only make your password harder to remember. Also, all that advice about translating a famous quote into a password by changing out words for symbols or letters? Essentially useless. With the computing power of moderns machines, the randomness of a short password really doesn't matter at all. Length is the real key. So, having a password like "P@SSw0rd" isn't significantly more secure than "password", except, of course, that hackers are likely to guess the simple words first and "password" is actually one of the ten most popular passwords. So don't use that. What's better is to use a longer password, like an entire sentence without punctuation. And, if you have to include numbers and special characters, just tack them at the end or beginning. In other words, something more like "MyPasswordIsVerySecure@9", because the length of that password IS exponentially harder to guess than "password". Don't believe me? Then just look at this infographic that shows how the length of your password is really the determining factor in how hard it is for hackers to crack.

[embed]https://www.dailyinfographic.com/brute-force-your-password[/embed]

Of course, some systems limit the length of a password, unfortunately, but, until everyone else catches up to us, you have to work with what you're given.
Come back next week to see what uncomfortable truths I have to share with you!

Comments