I'm a little tired of writing about passwords. But like taxes, email, and pinkeye, they're not going away any time soon. Here's what I know to be true, and backed up by plenty of empirical data:

No matter what you tell them, users will always choose simple passwords.

No matter what you tell them, users will re-use the same password over and over on multiple devices, apps, and websites. If you are lucky they might use a couple passwords instead of the same one.

Stop requiring passwords altogether, and let people log in with Google, Facebook, Twitter, Yahoo, or any other valid form of Internet driver's license that you're comfortable supporting. The best password is one you don't have to store.

Urge browsers to support automatic, built-in password generation and management. Ideally supported by the OS as well, but this requires cloud storage and everyone on the same page, and that seems most likely to me per-browser. Chrome, at least, is moving in this direction.

Nag users at the time of signup when they enter passwords that are …

Match common dictionary words: anteaters1

This is commonly done with an ambient password strength meter, which provides real time feedback as you type. If you can't avoid storing the password – the first two items I listed above are both about avoiding the need for the user to select a 'new' password altogether – then showing an estimation of password strength as the user types is about as good as it gets.

The easiest way to build a safe password is to make it long. All other things being equal, the law of exponential growth means a longer password is a better password. That's why I was always a fan of passphrases, though they are exceptionally painful to enter via touchscreen in our brave new world of mobile – and that is an increasingly critical flaw.

When we built Discourse, I had to select an absolute minimum password length that we would accept. I chose a default of 8, based on what I knew from my speed hashing research. An eight character password isn't great, but as long as you use a reasonable variety of characters, it should be sufficiently resistant to attack.

By attack, I don't mean an attacker automating a web page or app to repeatedly enter passwords.
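The signup-time checks and the length argument described above can be sketched as a small strength estimator. This is an added example, not code from the original post or from Discourse: the minimum of 8 and the `anteaters1` case come from the post, while the word list, character pool sizes and function names are assumptions made for illustration.

```javascript
// Added example, not Discourse's implementation.
const MIN_LENGTH = 8; // the default minimum the post describes

// Constructed sample list; a real meter would load a large dictionary.
const COMMON_WORDS = new Set(["password", "anteaters", "letmein", "dragon"]);

// Size of the character pool the password draws from (printable ASCII).
function poolSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) size += 33; // symbols and space
  return size;
}

// Upper bound on the brute-force search space, in bits: pool^length.
// It assumes every character was chosen at random, which is why the
// dictionary check below is needed as a separate signal.
function searchSpaceBits(pw) {
  const pool = poolSize(pw);
  return pool === 0 ? 0 : pw.length * Math.log2(pool);
}

// Lowercase, strip leading/trailing digits and symbols, look up the rest.
function isDictionaryBased(pw) {
  const core = pw.toLowerCase().replace(/^[^a-z]+|[^a-z]+$/g, "");
  return COMMON_WORDS.has(core);
}

// Feedback a meter could show on each keystroke.
function checkPassword(pw) {
  const problems = [];
  if (pw.length < MIN_LENGTH) problems.push("too short");
  if (isDictionaryBased(pw)) problems.push("matches a common dictionary word");
  return {
    ok: problems.length === 0,
    bits: Math.round(searchSpaceBits(pw)),
    problems,
  };
}

// Constructed samples: a dictionary word plus a digit, a short password,
// 8 characters from all four classes, and 12 lowercase letters.
for (const pw of ["anteaters1", "Tr7k", "aB3$eF7!", "vhqpmzkdrwtx"]) {
  console.log(pw, JSON.stringify(checkPassword(pw)));
}
```

In the constructed samples, the 12-letter lowercase password has a larger search space than the 8-character password that mixes all four character classes, which is the exponential-growth point in numbers.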