in reply to Re^7: Password strength calculation
in thread Password strength calculation

If you don't have a length restriction, the majority of people will still use more than that and he has to look.
Sure, but security should work for everyone, not just the majority.

Without a length restriction, a significant minority will pick short passwords. If there are 12 people that can access my credit card information, I'm not satisfied if the majority of them picks a long password. I rather want it enforced that all of them have a long password; I think that outweighs the 17 seconds an attacker gains.

Re^9: Password strength calculation
by BrowserUk (Patriarch) on Jan 21, 2012 at 10:28 UTC

    You are still missing the point. If you are going to apply a minimum, then it should be at least 12.

    By enforcing 6 or 8, you are encouraging unsafe passwords.


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    The start of some sanity?