[WEB SECURITY] Passwords : include a space
- From: "Stephan Wehner" <stephanwehner@xxxxxxxxx>
- Subject: [WEB SECURITY] Passwords : include a space
- Date: Mon, 28 Jan 2008 12:33:17 -0800
Here is a simple way to increase password security with respect to
dictionary attacks:
* Passwords must contain at least one space character
* When the user chooses a new password, tell them they should enter
at least two words, separated by a space.
(Example: yellow banana)
I would expect this to be easy to understand and users would not have
any problems.
It seems a lot better than demanding "must contain at least one digit"
and other customary constraints.
I would also expect a much bigger range of effective passwords which
users would come up with.
This doesn't require any change to password storage, just validating
that a space is present. Also scales well: demand three passwords,
etc.; and is backwards-compatible with sophisticated
password-choosing-schemes.
What do you think?
Stephan
--
Stephan Wehner
-> http://stephan.sugarmotor.org
-> http://www.thrackle.org
-> http://www.buckmaster.ca
-> http://www.trafficlife.com
-> http://stephansmap.org
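
The validation step proposed in the message above, as an added example that is not part of the original post. The function names and the `min_words` parameter are hypothetical, and treating only the ASCII space as a separator is an assumption. It shows why checking for a space alone is not the same as checking for two words.

```python
def split_words(password, sep=" "):
    """Return the non-empty chunks between separators.

    Leading, trailing and repeated spaces produce empty chunks,
    which are dropped so they do not count as words.
    """
    return [chunk for chunk in password.split(sep) if chunk]


def check_space_rule(password, min_words=2):
    """Validate the 'must contain a space' rule from the post.

    Returns (ok, reason). The password itself is never trimmed or
    altered, so storage and hashing are unaffected.
    min_words is a hypothetical knob for the 'scales well' idea.
    """
    if " " not in password:
        return False, "no space character"
    words = split_words(password)
    if len(words) < min_words:
        # A space is present, but it does not separate enough words
        # (for example a leading space in front of a single word).
        return False, f"only {len(words)} word(s), need {min_words}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    samples = [
        "yellow banana",    # the post's example
        "yellowbanana",     # no space at all
        " banana",          # space present, but only one word
        "yellow  banana",   # repeated spaces still give two words
        "Tr0ub4dor &3",     # an existing 'complex' scheme also passes
        "yellow\tbanana",   # a tab is not a space under this assumption
    ]
    for pw in samples:
        print(repr(pw), check_space_rule(pw))
    print(repr("yellow banana"), check_space_rule("yellow banana", min_words=3))
```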