Tuesday, 2011-08-16

“Complex” passwords are not more secure

I have been saying for years that passwords, as a concept, need to go away. As implemented, passwords don’t work, and the ludicrous “complexity” requirements imposed by many companies are little more than a guarantee that the user will write their password down, which is one of the easiest ways for a system to be compromised.

Here’s a cartoon from xkcd that illustrates why ridiculous password policies don’t even make sense from a security perspective.

[xkcd comic: “Password Strength”]

The gist of it is this: long passwords (passphrases, actually) are more secure than short ones.
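To put numbers on that claim, here is a small added example (mine, not code from this post or from xkcd) that models the two approaches as guessing-entropy in bits and converts them to expected cracking time. The parameters are assumptions: the “complex” password is modelled as a common dictionary word with a capital letter, a few letter-for-digit substitutions, and an appended digit and symbol; the passphrase is a handful of words chosen uniformly at random from a word list; the attacker is assumed to be limited to 1000 guesses per second, as for an online attack against a rate-limited service.

```python
import math
import secrets

# Constructed demo word list. A real passphrase list has thousands of
# entries (e.g. 2048 or 7776 words); with only 16 words each word adds
# just 4 bits, which is exactly what the entropy function will report.
DEMO_WORDS = [
    "correct", "horse", "battery", "staple", "river", "candle", "orbit",
    "maple", "velvet", "anchor", "pillow", "ginger", "comet", "lantern",
    "meadow", "quartz",
]


def pattern_password_bits(dictionary_size=16384, leet_positions=3,
                          appended_digits=1, symbol_choices=16,
                          order_choices=2):
    """Entropy of a human-style 'complex' password (assumed model).

    The attacker knows the pattern, so the only uncertainty is which
    option was picked at each step; each step contributes log2(choices).
    """
    bits = math.log2(dictionary_size)          # which common base word
    bits += 1.0                                # capitalise first letter?
    bits += leet_positions                     # each substitution on/off: 1 bit each
    bits += appended_digits * math.log2(10)    # value of each appended digit
    bits += math.log2(symbol_choices)          # which common punctuation mark
    bits += math.log2(order_choices)           # digit-then-symbol or the reverse
    return bits


def passphrase_bits(word_count, list_size):
    """Entropy of word_count words drawn uniformly from a list of list_size."""
    return word_count * math.log2(list_size)


def expected_guess_seconds(bits, guesses_per_second):
    """Average time to hit the secret: half the keyspace at the given rate."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def generate_passphrase(words, word_count=4):
    """Pick words with the OS CSPRNG; return (phrase, entropy_bits)."""
    chosen = [secrets.choice(words) for _ in range(word_count)]
    return " ".join(chosen), passphrase_bits(word_count, len(words))


def compare(guesses_per_second=1000):
    """Return {label: (bits, expected_seconds)} for the modelled schemes."""
    schemes = {
        "word+leet+digit+symbol": pattern_password_bits(),
        "4 words from 2048":      passphrase_bits(4, 2048),
        "6 words from 7776":      passphrase_bits(6, 7776),
    }
    return {name: (b, expected_guess_seconds(b, guesses_per_second))
            for name, b in schemes.items()}


if __name__ == "__main__":
    for name, (bits, secs) in compare().items():
        print(f"{name:24s} {bits:5.1f} bits  ~{secs / 86400 / 365:.1f} years at 1000 guesses/s")
    phrase, bits = generate_passphrase(DEMO_WORDS)
    print(f"demo passphrase: {phrase!r} ({bits:.0f} bits from a {len(DEMO_WORDS)}-word list)")
```

The modelled pattern password comes out at roughly 26 bits, the four-word passphrase at 44 bits; every extra bit doubles the attacker's work, so the passphrase costs about 2^18 (over 250,000) times more guesses despite being far easier to remember. The generator uses `secrets` rather than `random` because passphrase strength rests entirely on the words being unpredictable.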