The Great Password Question That Won’t Die, “Just how long should a password be?”
In one of my LinkedIn discussion groups, a member, who we will call MB, posted this simple question back on March 14, 2010: “How long should a password be?” Well as of 11/11/11 and over 1,350 comments later, the discussion keeps going and going and going. It seems to have gained a life of its own. And while I can’t say I have read every comment, I did read enough to pick out some common themes, beliefs and suggestions that I will attempt to summarize in this article.
Observation 1: There is no right answer to the length.
This is probably true, at least if one looks at the problem from a single point of how long a password should be. As computers get faster and faster, and there are cyber attacks that can share unused processing power from a whole network of unknown computers (Botnets), the time it takes to crack 8, 9, 10 character passwords gets shorter and shorter. So length alone is not the fix to password security. Read More→