Passwords: Some basic math.
Lets just math this for a second.
26 lower case numbers, 26 upper case numbers = 52 possible entries in the slot, add in the 10 numbers for 62, then lets allow a bunch of symbols, On my keyboard there are 32 possible symbol/punctuation options (Assuming that the field would let you use every single one of them, which would be unlikely). This gives us 94 possible inputs for any one of those 8 slots, with 94x94x94x94x94x94x94x94 = 6,095,689,385,410,816 possible combinations. Throw in the space bar and it's 95 in the slot for 6,634,204,312,890,625
Now lets say we let them use a password as long as they want using just lower case letters (no caps sensitive passwords) They opt for something like say: "my dog is named fido and i love him very much" Thats 45 letters long, using only 27 options (26 letters and a space) We get an answer of 2.578513367151428 x 10(to the power of 64)
So that's:
6,634,204,312,890,625 password possibilities vs
257851336715142800000000000000000000000000000000000000000
00000000 password possibilities.
One of these is probably harder to guess/crack? If you simply allow passwords as long as you want and don't force use of upper or lower case or symbols, (but do allow them) the number is 9.446824413773784x10(90) for the same length.
So if we could stop forcing folks to use passwords that it's fine if they're only 8 characters long, but have to contain capital and symbols which make it hard for a lot of folks to remember, meaning they write it down somewhere near the computer, or stick it in a file somewhere on the computer. Meaning that it's GOD DAMN SUPER-EASY to hack or social engineer.... That'd be great. Hell if someone used "Many hands make light work" as their password it's 6.779108886313575x10(44) combinations. And they might not FREAKING FORGET IT. Meaning that they wouldn't then have to go through the password recovery system, which is also easily abused to hack an account.
Just my 2 cents worth.
Labels: annoyances, passwords, security