Which is better for password security, length or complexity?

henyfoxe

Debate over coffee this morning was which is superior, a password that is very lengthy (15+ characters) or very complex (use of symbols like #, $, %, ^)? I realize that either is far superior to the average password, but which would be the more secure choice?

Topic: Security

Answers

4 total
jimlynch
Vote Up (2)

I suggest using both. Why do just one or the other? Make your passwords as difficult as possible for somebody to mess with.

Here are some links on how to create strong passwords:

Create strong passwords
http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Password Protection: How to Create Strong Passwords
http://www.pcmag.com/article2/0,2817,2368484,00.asp

How To Create Strong Passwords That You Can Remember Easily
http://www.makeuseof.com/tag/how-to-create-strong-password-that-you-can-...

dblacharski
Vote Up (2)

Ahh, the never ending debate! If you use an app to keep track of passwords, you can do the long/complex thing pretty easily. But if you need strong passwords that are also something you can recall from memory, you might want to try taking song lyrics, and use the first letter of each word. For example, "Yankee doodle went to town, riding on a pony. Stuck a feather in his hat and called it macaroni," would be Ydwttroap!safihhacim! I added the exclamations because a rousing song like that just demands them, and it adds slightly to the security of the p/w. That should be a handful for most brute force attacks to handle, yet it remains easy to recall without the need for a password manager. Different songs for different accounts is also wise. I find Rage Against the Machine works well for banking!

decibel.places
Vote Up (3)

Why not use both complexity and length?

 

I use the KeePass app to save login info and copy it between my laptop and phone, and desktop when I use one. I use it because I possess the data, it's not in the cloud somewhere - I also have it on a USB stick (and yes, it is password-protected too). Some devs will give you an exported KeePass db and its password separately when transferring sensitive logins (db connections, superusers etc).

 

KeePass also tells you how secure a password is before you save it:

 

DxitLOazKJEGvjo 15 letters is 86 bits

8ZzEm6IMON4H0su adding numerals is not much more secure, 87 bits

jIsrk;QRlq8@&Bi adding special characters is 99 bits

 

C1!x0 reducing that to 5 characters it's 32 bits

kNJWt letters only is 29 bits, so for a short PW the complexity is not adding much

 

explain xkcd says length is more important than complexity; and that was demonstrated by my examples

 

more info on Wikipedia
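
An added example, not part of any post in this thread: the uniform-random brute-force model (length × log2 of the character pool) applied to the sample passwords from the KeePass comparison above, to show how much each extra character adds versus each extra character class. The function names and the 94-character printable-ASCII pool are assumptions of this sketch, and it does not reimplement KeePass's own estimator.

```python
import math
import string

# Character classes (printable ASCII, space excluded): 26 + 26 + 10 + 32 = 94.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the exhaustive search space, assuming every character was
    chosen uniformly at random from the pool. This is an upper bound:
    human-chosen or lyric-derived passwords are weaker than it suggests."""
    pool = pool_size(password)
    if pool == 0:
        raise ValueError("empty password or no recognised ASCII characters")
    return len(password) * math.log2(pool)

def equivalent_length(target_bits, pool):
    """Characters needed from a pool of the given size to reach target_bits."""
    return math.ceil(target_bits / math.log2(pool))

# (password, bits reported in the post) -- values copied from the thread.
SAMPLES = [
    ("DxitLOazKJEGvjo", 86),
    ("8ZzEm6IMON4H0su", 87),
    ("jIsrk;QRlq8@&Bi", 99),
    ("C1!x0", 32),
    ("kNJWt", 29),
]

def compare():
    """Return (password, bits from the post, bits from this model)."""
    return [(pw, posted, round(brute_force_bits(pw), 1))
            for pw, posted in SAMPLES]

if __name__ == "__main__":
    for pw, posted, model in compare():
        print(f"{pw:16} post: {posted:3} bits   model: {model:5} bits")
    # Length versus complexity: how long must a simpler password be to
    # match the 15-character all-classes sample?
    target = brute_force_bits("jIsrk;QRlq8@&Bi")
    print("mixed-case letters only:", equivalent_length(target, 52), "chars")
    print("lowercase letters only: ", equivalent_length(target, 26), "chars")
```

Under this model, three extra mixed-case letters, or six extra lowercase letters, make up for dropping digits and symbols from the 15-character sample.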


sandeepseeram
Vote Up (0)

Strong Passwords should have

- a combination of upper case & lower case

- numbers

- special characters

 

Length: 8-15

 

 

Sandeep Seeram
