Hi Bit Tech'ers, I am lucky enough (well, for some it would be hell) to be part of a team at work that looks at current security measures for the corporate environment. We look at everything from perimeter network to the user access layer. I won't bore you with the details, but we had a demonstration of the new CUDA password cracking tools that can now be used to crack some very complex passwords in a short period of time. In a nutshell, the previous number, hash, lower and caps recommendations still stand, although the password length recommendation has now increased from 7 to 10. I just thought I would share this information with you lot in case anyone cared! There is A LOT of information, some different, available on this subject and I am sure lots of people have different views, which I fully respect, so please avoid flaming. This is purely FYI and individuals can make their own choices on the passwords they use. I am unsure of the forum policy about linking to hacking websites to give you further information, so I will refrain. Bennie
I'm going to create an online password checker that when you type your password in it simply pops up with a message that says: "If this was your real password then it is not secure as you just typed it into a potentially malicious website."
What I find frustrating about passwords is where they restrict the maximum size of the password. My current one for work is 14 characters but I know some places that won't accept more than 11.
I know, I know. But I bet most people don't carefully check the legitimacy of a password checking website, and the potential for abuse is pretty substantial. I think a blanket policy of not typing your password into any website other than the one it is for is a pretty good idea for most people, and one I follow.