[Author Prev][Author Next][Thread Prev][Thread Next]
[Author Index (this month)][Thread Index (this month)][Top of Archive]

Re: User name/password length

Subject: Re: User name/password length
From: Sandy Harris <sandy -at- storm -dot- ca>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Sat, 03 Jul 2004 04:28:58 +0800


Nina rogers wrote:

Usually, when I instruct a user to enter their user name and password, I
tell them whether the system is case-sensitive,

Almost any password system should be case sensitive. This greatly
increases the number of possible passwords making brute force attacks
harder.

whether it accepts numbers and/or letters,

Some may accept %$# etc or even control characters. If the system allows
it, it is a good idea to use such characters.

Are spaces allowed? Hypens? Underscores?

I think you need to talk about the characteristics of good passwords;
easy to remember but hard for an enemy to guess.

Don't use English words, or for that matter other languages. There's
a site at oxford.ac.uk with dictionaries for multiple languages, for
use in such attacks. Don't use your lover's name, your birthdate, ...

what the minimum and maximum length for such words are, etc.

If the maximum length for a password is 50 characters, do I need to state
this in the documentation?

Yes.

I am inclined to include it--not because I think
anyone would ever want a 50+ character password, but because this is a
combined user/administrator guide ... and, well, because it's not stated
anywhere else.

At the same times, it looks silly to say that a password shouldn't be more
than 50 characters!

Some software allows a passphrase. If you're protecting something
important, this may be both easier to remember and harder to guess
than a password. I routinely use a PGP passphrase around 40 characters
and would expect paranoids to have longer ones.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ROBOHELP X5: Featuring Word 2003 support, Content Management, Multi-Author
support, PDF and XML support and much more!
TRY IT TODAY at http://www.macromedia.com/go/techwrl

COMPONENTONE DOC-TO-HELP 7 PROFESSIONAL: From a single set of Word documents, create online Help and printed documentation. New version offers yearly subscription service, Natural Search, Modular TOC Utility, Image Map Editor, Theme Designer, Context String Editor, plus more. http://www.componentone.com/doctohelp .

---
You are currently subscribed to techwr-l as:
archiver -at- techwr-l -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.


References:
User name/password length: From: Nina rogers

Previous by Author: Quick Question [sorry I am not doingn too much research]
Next by Author: Re: Quick Question [sorry I am not doingn too much research]
Previous by Thread: User name/password length
Next by Thread: Re: User name/password length

[Top of Archive] | [Author Index (this month)] | [Thread Index (this month)]

What this post helpful? Share it with friends and colleagues:

Sponsored Ads