You are viewing a single comment's thread from:
RE: A brief rant on password security [Edit: Not so brief after all]
Important point! I think the reason we're often encouraged you to use a combination of numbers, letters in both cases and those other characters, is because then they can prove to attackers, each character of one of our passwords have many more possibilities. So maybe there's the assumption that if not forced, people will probably just use lowercase letters 😂
But you're absolutely right, it would be better to force long passwords, they scale like crazy. Tell all and shout from the rooftops, I'm resteeming 👍
True, but the irony is that requiring certain character classes reduces entropy. If there are no restrictions, there's a lot more possible passwords than if there are restrictions, and to a bruteforcing algorithm, it's really handy to be able to skip checking all passwords which don't have at least one of each character class.
Even more importantly, when you require people to have all of those character classes, they overwhelmingly pick one of just a few common password formats (as mentioned in the comic, first pane, bottom left).
More restrictions just makes my job as a cracker easier, not harder, because it gives me more information about your password.
That's true, I mean there's always going to be some restriction by the fact of a character necessarily belonging to a set, but I get what you mean. And good point about giving more information, I hadn't thought of that. 🤠 ➡️🎩