A different perspective on password strength

by [Published on 11 Aug. 2011 / Last Updated on 11 Aug. 2011]

So you think that, in order to be “strong,” a password needs to be “complex,” right? You need alpha characters and numeric characters and upper and lower case letters and symbols – that’s what we’ve all been told and those complexity requirements are enforced by policies. This comic illustrates why complexity is actually not the most important factor when you want to create strong passwords, and how easier-to-remember long passwords can actually be more secure than those complex nonsense passwords like 24%Tup3r” that meet all the requirements. http://www.explainxkcd.com/2011/08/10/password-strength/

So you think that, in order to be “strong,” a password needs to be “complex,” right? You need alpha characters and numeric characters and upper and lower case letters and symbols – that’s what we’ve all been told and those complexity requirements are enforced by policies. This comic illustrates why complexity is actually not the most important factor when you want to create strong passwords, and how easier-to-remember long passwords can actually be more secure than those complex nonsense passwords like 24%Tup3r” that meet all the requirements.

http://www.explainxkcd.com/2011/08/10/password-strength/

See Also


Review and Comments

* Required field

The Author — Debra Shinder

Debra Shinder avatar

DEBRA LITTLEJOHN SHINDER, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

Featured Links