1

I have read in different places that passphrases offer better security and are more user friendly however, I have also read contradictory information thats says longer passwords are not really more secure than shorter ones...so enforcing complex passwords (special charcaters, upper/lowercase ect) would be better?

Any clarity on this with a decent reference would be much appreciated.

Arlix
  • 1,469
  • 3
  • 13
  • 22

2 Answers2

2

Length > Complexity in nearly all circumstances. It is easier for us to remember simple sentences, whereas complex passwords are more difficult.

"Abaconsandwich%ismyfavoritebreakfastitem!" is far, far, far FAR more difficult to guess by any method (bruteforce or dictionary) than something like "B@c0ntim3!?" This is because the number of elements is far more varied and long, and simple inclusions like a % sign inside the sentence can make password cracking all but unfeasible.

Good myths: https://stormpath.com/blog/5-myths-password-security/

Everyone's Favorite: http://xkcd.com/936/

Desthro
  • 1,007
  • 5
  • 5
1

Complex passwords can be harder to memorize but can protect against brute-force(depending on the complexity). Longer passwords consisting of simple words or phrases are easier to remember and can also be very strong against brute-force.

For building a strong password, follow this guide:

  • 8-11: Requires mixed case letters, numbers and symbols
  • 12-15: Requires mixed case letters and numbers
  • 16-19: Requires mixed case letters
  • 20+: Any character you like! (Gold Standard)

A strong password can be so simple as: “Blue Jaguar eye shirt” which is 21 characters (including the spaces). Also use different passwords for different accounts.

Reference: http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/

Grimmjow
  • 666
  • 4
  • 7