Comments on: Protecting your assets using one word – The Password

Brought to you by GFI Software

Last Build Date: Thu, 08 Mar 2018 18:28:22 +0000


By: Emmanuel Carabott

Fri, 11 Dec 2009 10:13:19 +0000

I agree that using special characters will significantly increase the password strength. The reason I didn't mention that was that it also makes the password harder to remember, which is, in my opinion, one of the major issues with people not using strong passwords. In retrospect though I think I should have at least mentioned it. If we take an 8 character password which is composed of 3 lower case, 3 upper case and 2 digits we'd have a password that gives about 30 billion combinations; while if it were to be made of 2 lower case, 2 upper case, 2 digits and 2 special characters that would make about 45 billion combinations. More than that, anyone trying to brute force your password might actually not include special characters at all in his brute force set due to the bigger timescale required, thus it would ensure that for that attack your password cannot be cracked at all. That being said, length is obviously your ally as well. In order for a brute force attack to crack the password given in the example: Mc2322UtPaDnW2D an attack needs to be configured to go through 14 quintillion combinations (that's 10 to the power of 18). If one adds special characters to this password it can be shortened by a couple of characters and keep the same number of combinations, so just see what's easiest for your users to remember. In any case both passwords will need 1000s of years to brute force so one should be pretty safe there.
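Added example, not part of the comment above or of the GFI post: the comment's figures match a count in which the character class of every position is fixed, and this Python sketch reproduces that count, then goes beyond the comment to count the cases where positions are not fixed and where every position may hold any character. The special set (`string.punctuation`, 32 symbols, which gives 46.8 billion rather than about 45 billion) and all function names are assumptions.

```python
import string
from math import factorial, prod

# Characters per class. The special set is string.punctuation (32 symbols),
# an assumption: the comment does not say which set it used.
ALPHABETS = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
             "digit": string.digits, "special": string.punctuation}


def classify(password):
    """Count the characters of each class in a password."""
    counts = dict.fromkeys(ALPHABETS, 0)
    for ch in password:
        name = next((n for n, chars in ALPHABETS.items() if ch in chars), None)
        if name is None:
            raise ValueError(f"character outside the modelled classes: {ch!r}")
        counts[name] += 1
    return counts


def fixed_layout(counts):
    """Candidates when the class of every position is known in advance."""
    return prod(len(ALPHABETS[c]) ** n for c, n in counts.items())


def arrangements(counts):
    """Ways to place the classes across positions (multinomial coefficient)."""
    total = factorial(sum(counts.values()))
    for n in counts.values():
        total //= factorial(n)
    return total


def any_layout(counts):
    """Candidates when only the per-class counts are known, not the positions."""
    return fixed_layout(counts) * arrangements(counts)


def full_keyspace(length, classes):
    """Candidates when each position may hold any character of the classes."""
    return sum(len(ALPHABETS[c]) for c in classes) ** length


if __name__ == "__main__":
    samples = {"3 lower, 3 upper, 2 digits": {"lower": 3, "upper": 3, "digit": 2},
               "2 of each class": dict.fromkeys(ALPHABETS, 2),
               "Mc2322UtPaDnW2D": classify("Mc2322UtPaDnW2D")}
    for label, counts in samples.items():
        print(f"{label}: fixed={fixed_layout(counts):,} any={any_layout(counts):,}")
    print(f"8 chars, letters+digits: {full_keyspace(8, ['lower', 'upper', 'digit']):,}")
```

The fixed-layout count is a lower bound for policy purposes: a search that does not know the layout has to cover the any-layout or full-keyspace figure, so length and alphabet size are the terms that matter when comparing policies.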

By: blak3x

Thu, 10 Dec 2009 17:12:19 +0000

Good post. Though one should also mention that ideally not only letters (caps and not) and numbers should be used since brute force applications still find it relatively easy to crack them. One should also use other special characters such as @#$ etc.