When I opened my eTrade account years ago, it limited me to a max of 6 chars.<http://chars.It>
It's not like it's protecting anything important. </sarcasm> Sent from my Palm Pre on the Now Network from Sprint ________________________________ On Aug 10, 2011 7:23 PM, Andrew S. Baker <asbz...@gmail.com> wrote: And, many apps *still*have limits on password length that hamper passwords above 10 or 12 characters. -ASB: http://about.me/Andrew.S.Baker Sent from my Motorola Droid On Aug 10, 2011 6:10 PM, "Webster" <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: > Because the security team and or auditor are simply following a check list. > Complex passwords required - check. My job is done. > > Carl Webster > Consultant and Citrix Technology Professional > http://www.CarlWebster.com<http://www.carlwebster.com/> > > > From: Steve Kradel [mailto:skra...@zetetic.net<mailto:skra...@zetetic.net>] > Sent: Wednesday, August 10, 2011 5:06 PM > To: NT System Admin Issues > Subject: Re: Almost, but not quite OT: Passwords > > It looks like Randall @ xkcd supposes each word in "correct horse battery > staple" has 11 bits of entropy, which is to say, the person choosing the > password has a comfortable vocabulary of 2^11 (2,048) words from which he > will pick four at random. (2048^4 is the same as 2^44.) I think 2,048 words > is a pretty low estimate, at least in English, but that's not really the > point... > > On the other hand, he suggests forcing people to choose "strong" passwords > presses humans into a doofy pattern that is actually much *less* random than > four dictionary words. 16 bits of uncertainty for the "uncommon base word" > means the user has possibly picked a "difficult" dictionary word (from a > vocabulary of 2^16 = 65,536 words -- generously more than a normal person > knows), and then mangles it up a little bit in semi-predictable ways to > satisfy the password strength checker. > > It definitely raises an interesting question... why do so many organizations > elect for minimum 8-character complex passwords, instead of "non-complex" > passphrases of at least 16 or 20 characters, when the latter would be easier > to remember and probably stronger? > > --Steve > On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott > <crawfo...@evangel.edu<mailto:crawfo...@evangel.edu><mailto:crawfo...@evangel.edu<mailto:crawfo...@evangel.edu>>> > wrote: > Interesting. I'd like to understand how the bits of entropy are calculated > though. > > From: Andrew S. Baker > [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com><mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>>] > Sent: Wednesday, August 10, 2011 4:06 PM > To: NT System Admin Issues > Subject: Almost, but not quite OT: Passwords > > http://xkcd.com/936/#<http://xkcd.com/936/> > > Yet, very pertinent. > > > > > ASB > > http://about.me/Andrew.S.Baker > > Harnessing the Advantages of Technology for the SMB market... > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com><mailto:listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
