Wednesday, August 17, 2011

Password Strength

This comic is saying that the password in the top frames, "Tr0ub4dor&3", is easier for password-cracking software to guess than "correcthorsebatterystaple". It is also absolutely true that people make passwords hard to remember because they take that to mean the passwords are "safer".

The important thing to take away from this comic is that longer passwords are better, because each additional character adds much more time to breaking the password.

Steve Gibson from the Security Now podcast did a lot of work in this arena and found that this password 'D0g.....................' is harder to break than this password 'PrXyc.N(n4k77#L!eVdAfp9'. Steve Gibson makes this very clear in his password haystack reference guide and tester:

'Once an exhaustive password search begins, the most important factor is password length!'

That's what xkcd is trying to get through here. Complexity does not matter unless the password also has length. Complexity is more difficult for humans to remember. Length is not.
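To put numbers on the comparison above, here is an added example (not code from the comic or from Steve Gibson's tester) that counts how many candidates an exhaustive search must try. It assumes the attacker tries every string up to the password's length over the printable-ASCII character classes the password uses (26 lowercase, 26 uppercase, 10 digits, 33 symbols); the function names are hypothetical.

```python
import string

# Printable-ASCII character classes and their sizes (assumption of this example).
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

# The four passwords quoted in the post.
PADDED = "D0g" + "." * 21                  # 24 characters
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"         # 23 characters
COMIC_SHORT = "Tr0ub4dor&3"                # 11 characters
COMIC_LONG = "correcthorsebatterystaple"   # 25 characters


def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    for c in password:
        if not any(c in chars for chars, _ in CLASSES):
            raise ValueError(f"{c!r} is outside the printable-ASCII model")
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))


def search_space(password):
    """Candidates tried when enumerating lengths 1..len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def harder_to_exhaust(a, b):
    """True if exhaustively searching for a takes more guesses than for b."""
    return search_space(a) > search_space(b)


if __name__ == "__main__":
    for pw in (PADDED, RANDOM, COMIC_SHORT, COMIC_LONG):
        print(f"{pw!r:30} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e}")
    print("padded harder than random:", harder_to_exhaust(PADDED, RANDOM))
```

This model covers exhaustive search only; it says nothing about dictionary or pattern-based guessing, which does not enumerate every string.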

