# Password Length Vs Password Complexity



## Clark Kent (Oct 3, 2006)

*Password Length Vs Password Complexity
By ping898 - Tue, 03 Oct 2006 18:47:40 GMT
Originally Posted at: Nephrites Citadel*
====================

Passwords in and of themselves are really worthless in the environment we live and work in because people tend to pick simple obvious ones or when they pick more complex ones, write the passwords down, defeating the point of a password in the first place. However, be that as it may, passwords as a security mechanism aren't going away anytime soon. 

So I am wondering....is 8 character complex password not as secure as say a 16 character lower-case alpha password. While I can see this from a purely brute force standpoint, what I don't know is whether dictionary or other attacks can be effectively used against passwords made up of a set of concatenated words. For example, is it easy (or easier) to crack a password such as "good ice cream" than "$%4Xsood"?

I know that I have a personal "dictionary" of passwords I use, which come in all lengths and complexities, but are familiar enough to me that I don't need to write them down and rarely lock myself out of an account. I know for say work I have something along the lines of a 12 character password that includes special chars, but for one email account, I have like a password that is a sentence and includes only alpha/numeric chars. 

Any thoughts on which is more secure...?


Read More...


------------------------------------
Nephrites Citadel - SciFi/Fantasy/Anime and More!


----------



## Grenadier (Oct 3, 2006)

Passwords, ideally, should be a mixture of lower case and upper case letters, along with tossing in at least numbers and / or symbols in there, and shouldn't contain words found in a dictionary.  If someone has problems memorizing it, he can create a blank Wordpad document, and start typing it over, and over, and over, and over, until it becomes embedded in that grey matter.  

An 8 character password using the above combinations would be plenty sufficient.


----------

