Password entry

Users might have difficulty entering the password correctly if the password is too long or complex.

Complexity rules

Some password advice is outdated, for example: your password must consist of 6-12 characters, with at least one special character and two numbers. Why is it bad?

Take an example: Password123! is accepted according to this rule, but it’s hardly a good choice.

At the same time, sfvdv40iwer7c234sf2ysbc is rejected because it does not use any symbol or upper-case letter. However, it is a good password.

Therefore, passwords still need to be complex and unpredictable. Attackers try dictionaries first (more on password attacks in Password Based Attacks).
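The two passwords above, run through the outdated rule and through a length-plus-blocklist check, as an added example that is not part of the original page. The function names, the small word list, the substitution table and the 12-character minimum are assumptions made for this illustration.

```python
import string

# Constructed sample of common base words (assumption); a real deployment
# would load a large list of breached and dictionary passwords instead.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}

# Common character substitutions users apply to dictionary words (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a"})

def legacy_rule(pw: str) -> bool:
    """The outdated rule from the text: 6-12 characters, at least one
    special character and two numbers."""
    specials = sum(c in string.punctuation for c in pw)
    digits = sum(c.isdigit() for c in pw)
    return 6 <= len(pw) <= 12 and specials >= 1 and digits >= 2

def base_word(pw: str) -> str:
    """Reduce a password to the word it was probably built from: drop
    digits/symbols padded onto either end, lower-case, undo substitutions."""
    core = pw.strip(string.digits + string.punctuation)
    return core.lower().translate(LEET)

def blocklist_rule(pw: str, min_length: int = 12) -> bool:
    """Accept on length and unpredictability only: no composition
    requirements and no upper length limit."""
    return len(pw) >= min_length and base_word(pw) not in COMMON_WORDS

if __name__ == "__main__":
    for pw in ("Password123!", "sfvdv40iwer7c234sf2ysbc"):
        print(f"{pw!r}: legacy={legacy_rule(pw)} blocklist={blocklist_rule(pw)}")
```

The legacy rule accepts the dictionary word with padding and rejects the long random string; the blocklist check reverses both decisions.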

Complexity and usability

Passwords must still be unpredictable and memorable. How can we bridge the gap? The following methods are tried and tested:

  • Password manager + strong password
  • Take a memorable sentence and turn it into a password (“first letters from a sentence” method)
