RE: A brief rant on password security [Edit: Not so brief after all]

in #security, 8 years ago

True, but the irony is that requiring certain character classes reduces entropy. If there are no restrictions, there are a lot more possible passwords than if there are restrictions, and to a brute-forcing algorithm, it's really handy to be able to skip checking all passwords which don't have at least one of each character class.

Even more importantly, when you require people to have all of those character classes, they overwhelmingly pick one of just a few common password formats (as mentioned in the comic, first pane, bottom left).

More restrictions just make my job as a cracker easier, not harder, because it gives me more information about your password.

That's true, I mean there's always going to be some restriction by the fact of a character necessarily belonging to a set, but I get what you mean. And good point about giving more information, I hadn't thought of that. 🤠 ➡️🎩
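
The keyspace argument from the first comment, worked as an added example that is not part of the original thread: an exact inclusion-exclusion count of the passwords that survive an "at least one of each class" rule. The alphabet split (95 printable ASCII characters as 26 lowercase, 26 uppercase, 10 digits, 33 symbols) and the function names are assumptions made for this example.

```python
from itertools import combinations
from math import log2

# Assumed alphabet: 95 printable ASCII characters in four classes.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def count_all(length, classes=CLASSES):
    """Every string of this length over the full alphabet (no policy)."""
    return sum(classes.values()) ** length


def count_compliant(length, classes=CLASSES):
    """Strings containing at least one character from every class.

    Inclusion-exclusion: start from all strings, subtract those missing
    one class, add back those missing two, and so on.
    """
    sizes = list(classes.values())
    alphabet = sum(sizes)
    total = 0
    for k in range(len(sizes) + 1):
        # combinations() works by position, so equal-sized classes
        # (lower/upper) are still treated as distinct classes.
        for excluded in combinations(sizes, k):
            total += (-1) ** k * (alphabet - sum(excluded)) ** length
    return total


def bits_lost(length, classes=CLASSES):
    """Entropy (in bits) a uniformly random password loses to the policy."""
    return log2(count_all(length, classes)) - log2(count_compliant(length, classes))


if __name__ == "__main__":
    print(f"{'len':>3} {'unrestricted':>13} {'compliant':>11} {'lost':>7}")
    for n in (4, 6, 8, 12, 16):
        free = log2(count_all(n))
        kept = log2(count_compliant(n))
        print(f"{n:>3} {free:>10.2f} b  {kept:>8.2f} b {free - kept:>5.2f} b")
```

This models only uniformly random passwords; the second comment paragraph's point about people converging on a few common formats is a matter of human choice and is not captured by the count.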