FLG's post on the subject of passwords reminded me that I had to change my Duke webmail password this week. My former password was one of my long-standing favorites, a very long phrase that is so obscure within the obscurity of where the term came from that I can tell you it was lifted from something I listened to a lot in 2000, and probably even tell you the band, and leave you none the wiser as to the term. The key to it was 'very long.'
But Duke has a new system that, apparently, caps passwords at 20 characters and requires at least one capital letter and one symbol. Because I do not make a point of memorizing lots of passwords and I needed to create one right at that moment, I went with one of my old standbys, which is only 8 characters long. Perhaps I don't understand the math involved, but I always worked under the assumption that the best guarantee of security for a password, other than randomness, was length. So I'm fairly certain that my webmail became significantly less secure in the name of 'security.'
"Thou shalt not extinguish thine anger, but shall master it,
that thy conscience may not be blunted by adjustment
to wrong causes."
-The Dutch Ten Commandments to Foil the Nazis
1 comment:
The most important factor in the security of a password is the length.
If you password went from more than 20 characters to 8 then it is definitely less secure.
Post a Comment