It requires a pass phrase. On a related note, I remember reading an article that had some interesting things to say about password security. I tried to find it, but I ended up with this blog post that does not include the derived "millions of years" numbers: http://blogs.technet.com/b/robert_hensing/archive/2004/07/28...
The main point is to use a pass phrase. You can satisfy almost everyone if you make sure to include some caps and numbers in it where it makes sense. The original article I read determined that it was sufficient to have a phrase of at least three plain English words! The blog post goes over the WHYs.
So I am suggesting: if you are going to put a pass phrase into this software in the first place, just use the pass phrase.
The only trouble here is that you need a backup plan. Sysadmins like to make you change your password periodically, and this policy differs for every system you use, so you have to somehow remember your new passwords/pass phrases along with which sites have your old passes.
The sysadmins have good reason: what if someone DID figure out your password/pass phrase? and what if you did not know it? Changing it cuts off the enemy's access, yes, but if there is a pattern to your choice of phrase across sites, you are in trouble.
So how do we solve the problem of making passwords/phrases easy to remember, easy to change, and super hard to crack?
5 comments
[ 2.6 ms ] story [ 21.9 ms ] thread6 points, 1 hour ago? Let's hope that's because those are legit upvotes before the site went down.
The main point is to use a pass phrase. You can satisfy almost everyone if you make sure to include some caps and numbers in it where it makes sense. The original article I read determined that it was sufficient to have a phrase of at least three plain English words! The blog post goes over the WHYs.
So I am suggesting: if you are going to put a pass phrase into this software in the first place, just use the pass phrase.
The only trouble here is that you need a backup plan. Sysadmins like to make you change your password periodically, and this policy differs for every system you use, so you have to somehow remember your new passwords/pass phrases along with which sites have your old passes.
The sysadmins have good reason: what if someone DID figure out your password/pass phrase? and what if you did not know it? Changing it cuts off the enemy's access, yes, but if there is a pattern to your choice of phrase across sites, you are in trouble.
So how do we solve the problem of making passwords/phrases easy to remember, easy to change, and super hard to crack?