Password length and character restrictions?

OK, this is something that has troubled me for some time now, but what is it with all of the password length and character restrictions for various services on the internet? Don’t get me wrong, I whole-heartedly agree with having lower bounds on password strength (must be greater than 6 characters, must contain a non-alphabetic character, etc.) … but what’s wrong with having a password that’s 128 characters? Or one that contains non-alphanumeric (or, perhaps, even non-printable) characters? If you use md5 to ‘encrypt’ the password before storing it, the output is the same length anyway (32 hex characters, unless you’re doing salted hashes, but either way…), so what’s the point of the limit? Perhaps sites that don’t allow long passwords, or certain characters in passwords, AREN’T hashing them at all.
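To make the point concrete, here is an added example (not code from the original post) showing what a site that hashes passwords can accept: the policy below enforces only the lower bounds mentioned above (the 6-character floor is the post's number), and the storage routine produces a fixed-size record no matter how long or how odd the password is. PBKDF2-HMAC-SHA256 is used in place of the md5 the post mentions because md5 is a fast, unsalted digest and not suited to password storage; the 600,000-iteration count, the 16-byte salt, and the 1024-byte upper cap (there only to bound hashing cost) are this example's own assumptions, as are the two constructed sample passwords.

```python
import hashlib
import hmac
import os
import unicodedata

# Lower bounds only, in the spirit of the post: no maximum character count,
# no banned characters. 6 is the post's own floor; 1024 bytes is an assumed
# cap that exists purely to bound CPU spent hashing, not to limit users.
MIN_LENGTH = 6
MAX_BYTES = 1024

SALT_LEN = 16
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def check_policy(password: str) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) <= MIN_LENGTH:
        problems.append(f"must be greater than {MIN_LENGTH} characters")
    if password.isalpha():
        problems.append("must contain at least one non-alphabetic character")
    if len(password.encode("utf-8")) > MAX_BYTES:
        problems.append(f"must encode to at most {MAX_BYTES} bytes")
    return problems


def _password_bytes(password: str) -> bytes:
    # NFC-normalise so that visually identical Unicode spellings (e.g. a
    # precomposed é versus e + combining accent) hash to the same value.
    return unicodedata.normalize("NFC", password).encode("utf-8")


def hash_password(password: str, salt: bytes = b"") -> bytes:
    """Return salt || digest (16 + 32 bytes) regardless of password length."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", _password_bytes(password), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", _password_bytes(password), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def md5_hex(password: str) -> str:
    """The post's observation: an md5 hex digest is always 32 characters."""
    return hashlib.md5(_password_bytes(password)).hexdigest()


# Constructed sample passwords: a 128-character one spanning every printable
# ASCII character, and a short one mixing non-ASCII, a tab and a control byte.
LONG_PASSWORD = "".join(chr(33 + i % 94) for i in range(128))
ODD_PASSWORD = "p\u00e4ssw0rd\t\x01\U0001f511"


if __name__ == "__main__":
    for pw in (LONG_PASSWORD, ODD_PASSWORD, "abcdefg"):
        print(repr(pw[:20]), "->", check_policy(pw) or "accepted")
    record = hash_password(LONG_PASSWORD)
    print("stored record bytes:", len(record), "md5 hex length:", len(md5_hex(LONG_PASSWORD)))
    print("verify:", verify_password(LONG_PASSWORD, record))
```

Because the password is turned into bytes and fed to the hash, nothing downstream ever needs to store, escape or render the raw characters, which is why a site that hashes properly has no technical reason to reject a tilde, a tab or a 128-character string.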

The main reason I ask is that I use a tool called KeePass to keep track of my passwords for me. I generally have it create 16-character passwords with as many different kinds of characters as the site will allow, for increased security. A lot of sites I’ve come across lately don’t even allow non-alphanumeric characters (other than maybe hyphen (-) or underscore (_)), and to me that just seems silly.

Perhaps they feel that if they restrict people to simpler passwords, users will be less likely to forget them or write them down. In my opinion, they should be encouraging people to use strong passwords, not discouraging them.

Oh well!
