7

Not long ago, the common wisdom was that passwords should be at least 8 characters long. These days, the most common minimum is 12.

Where did these common values originate? Interestingly, 8 is exactly the number of characters in "password" - did that have anything to do with the first?

Was there someone in particular who said "8" or "12", and the rest of the industry followed their recommendation? Or was there some common-use OS or application which arbitrarily decided their minimum, which was then duplicated by everyone else?

Iszi
  • 27,027
  • 18
  • 99
  • 163
  • 4
    Unfortunately, while these may have been recommended lengths, the "common" wisdom was always painfully less than that. It used to be **6** characters not too long ago, and I still see 8 recommended. I rarely see sites recommending 12 or more. – AviD Dec 16 '13 at 19:53
  • possible duplicate of [What technical reasons are there to have low maximum password lengths?](http://security.stackexchange.com/questions/33470/what-technical-reasons-are-there-to-have-low-maximum-password-lengths) – Ivan Chau Dec 17 '13 at 02:04
  • 1
    @IvanChau This is not at all duplicate of that question. The suggested duplicate is asking why applications may be limited in the *maximum* length of password they can accept. This question is about how the common *minimum* length requirements came to be. – Iszi Dec 17 '13 at 02:31

3 Answers3

10

Unix passwords, with the old DES-based crypt() function, were limited to 8 characters (and the high bit of each byte was ignored). Thus, a lower limit of more than 8 characters would simply not have worked.

The driving force for a minimal password size is brute force efficiency: small passwords are unconditionally weak because trying out all combinations of, say, 7 characters, can be done with relatively cheap hardware and not too much time. In particular, in the case of the old DES-based crypt() function, the computational cost of trying one password is low. Therefore, in an "old Unix" context (typical of computer rooms of the 1980s), a minimum size of 8 is the best that can be hoped for, and you really don't want to allow smaller passwords.

I think the "8" comes from that. The rest is a matter of history, sociology, and bananas.

Community
  • 1
Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • 4
    Perhaps worth adding that 7-character passwords are only unconditionally weak against an offline attack, as this is a point often missed. Against an online attack, lockout and intrusion detection are probably more important controls than password length. – Rory McCune Dec 16 '13 at 19:35
  • 1
    Indeed, that's why we can tolerate 4-digit PIN codes on smart cards. Automatic lockout after three mistakes makes such codes tolerable. – Thomas Pornin Dec 16 '13 at 19:41
2

The chimpanzee's testimony

More than 15 years ago I worked as a system admin on Tru64 an operating system developped on top of OSF/1 by Digital Equipment Corporation. This system was built on a 64bit architecture and made many serious advances in fundamental security. One of them was to permit to use DES to manage passwords up to a length of 16 characters. Since I was already well informed of the easyness with which it was possible to break a 56 bits DES, I was one of the first to use more serious passwords. I computed at this time that for me the optimum size of passwords was rather between 12 and 16.

Unfortunately one day... I made a stupid mistake on typing my password to access remotely on my system. I knew I had wrongly typed a character because I was on a foreign keyboard. And it worked. This was a virtual cold water shower straight in the brain.

I immediatly stopped my work in progress (and dropped my banana altogether). I hunted down the ugly bug. One character after the other, I shortened my password to find where was the error.

The limit was quickly discovered: it was at 8. Whatever the characters I entered after the 8 first correct ones, this truncated password was accepted. A bug was immediatly filled to DEC, and a lesson was learnt the hard way.

The same day I immediatly advocated all my colleagues and users to stop using passwords longer than 8 characters, because they were just false security. They should stay at 8 characters limit since for some server the other characters weren't part of the authentication process.

Apparently without the origin of the history, a lot of my colleagues transmitted this religious fear until today ☺. Hence you can see prehistorical OS which still can't cross this 8 characters barrier without the ancestral fear to loose their characters.

They won't stay stucked in this fear forever or… perhaps they will.

dan
  • 3,043
  • 14
  • 35
1

12 comes from the current state of the art in brute-force hashing hardware. A wealthy but otherwise ordinary person can buy two dozen graphics cards, mount them in a well-cooled chassis, load up some specialized GPU software, and execute 348 billion hashes per second. That is enough computrons to brute force all possible 10 character passwords in a very reasonable amount of time. (Unless they're protected by PBKDF2 with a lot of rounds.)

12 random characters is somewhat better than 10 random characters, but its uncomfortably close to being a few dollars away from easy to crack tomorrow.

Much longer passphrases are still better, but if it's just pairs of dictionary words, they will fall easily too.

Of similar note is the answer to the question "Why are North American phone numbers 7 digits long?" Phone company testing showed that to be near the limit of what a human could reliably remember. It's a poor guide, especially if the user is using a dictionary word as his password, but it's easy to see how the advice could carry from one situation to another.

John Deters
  • 33,897
  • 3
  • 58
  • 112