-2

I often register at different sites and I generate password for every one.

What length should I use? What is the maximum reasonable password length? 10, 50, 100 characters?

schroeder
  • 125,553
  • 55
  • 289
  • 326
user110340
  • 11
  • 2
    It depends on the password policy of the website, but I usually use a length of at least 25 characters where possible. My passwords always contain letters (both lowercase and uppercase), numbers and special characters. – Technidev May 11 '16 at 19:33
  • I would suggest using google or searching Information Security SE to find how long it would take to brute force passwords at varying length and complexity, and use that as a guideline. After that every account has a unique password, with whatever length and complexity you choose. You could make an 8 character password work, and length isn't the main problem. – dakre18 May 11 '16 at 19:43
  • 1
    Also worth noting that many sites have arbitrary maximum password lengths, some of which aren't advertised, and some of which will silently truncate a password at a certain number of characters. Totally infuriating and unjustifiable issue, but a very real one. – HopelessN00b May 11 '16 at 20:04
  • 1
    Define "reasonable"? If you use a password manager, then you can use the max possible for the individual site. – schroeder May 11 '16 at 20:57

1 Answers1

0

The larger the password the better; however, if it is long, and you forget what the masterpassword is, or you lose access to the text file where this is stored, you are in big trouble. In addition, signing in on a mobile device can be a pain if the password is long (unless you send it to yourself, which is a risk). So, as a result, I have found that around 20 characters does the trick since most sites have an upper limit... In addition, I recommend that you look at the entropy. (Shannon works well)

PMARINA
  • 117
  • 3