Doing Password Complexity Wrong
Posted: Tue, 8 July 2014
I just made an account on yet another web service. On the suggestion of my
password manager, I attempted to use the password “W:9[$X*F”. It was
rejected because “Password must contain at least one non-alphabet character,
one lowercase letter, one uppercase letter”. OK, how about “
Yep, that’s fine.
Anyone want to guess which of those two passwords is going to fall victim to a brute-force attack first? Go on, don’t be shy, take a wild shot in the dark!
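The rule quoted in the post, set beside a length-plus-denylist check, as an added example that is not part of the original post. It also computes how often the quoted rule rejects a generated password of this length. Assumptions: the generator draws uniformly from the 94 printable ASCII symbols, `CONSTRUCTED_WEAK` stands in for the accepted password (which is not on the page), and `DENYLIST` is a tiny constructed sample.

```python
import string

# Assumed generator alphabet: 26 lower + 26 upper + 10 digits + 32 punctuation = 94.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Constructed stand-in for the accepted password, which is missing from the page.
CONSTRUCTED_WEAK = "Password1"
# Constructed sample; a real check would use a large breached-password list.
DENYLIST = {"password1", "qwerty123", "letmein1"}


def site_rule(pw: str) -> bool:
    """Composition rule as quoted: one non-alphabet, one lowercase, one uppercase."""
    return (any(not c.isalpha() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw))


def length_and_denylist(pw: str, min_len: int = 8) -> bool:
    """Alternative check: minimum length, and not a known common password."""
    return len(pw) >= min_len and pw.lower() not in DENYLIST


def rejected_fraction(length: int = 8) -> float:
    """Share of uniformly random passwords over ALPHABET that site_rule rejects.

    Inclusion-exclusion over the events "no lowercase", "no uppercase" and
    "no non-alphabet"; all three at once is impossible for length >= 1.
    """
    n = len(ALPHABET)
    lower = sum(c.islower() for c in ALPHABET)
    upper = sum(c.isupper() for c in ALPHABET)
    other = n - lower - upper

    def p(excluded: int) -> float:
        # Probability that every position avoids the excluded symbols.
        return ((n - excluded) / n) ** length

    return (p(lower) + p(upper) + p(other)
            - p(lower + upper) - p(lower + other) - p(upper + other))


if __name__ == "__main__":
    for pw in ("W:9[$X*F", CONSTRUCTED_WEAK):
        print(f"{pw!r}: site_rule={site_rule(pw)}, "
              f"length_and_denylist={length_and_denylist(pw)}")
    print(f"random 8-char passwords rejected by site_rule: "
          f"{rejected_fraction(8):.1%}")
```
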
From: Paul Mellors
Well, being the expert user I am, I would say the problem lies with “W:9[$X*F”, I mean take W, it’s the second letter on the keyboard, how easy is that to get ;)
From: Matt Palmer
Wow, I never thought of it that way. That’s probably exactly the problem. (grin)