[Owasp-cheat-sheets] Authentication Cheat Sheet - Password length

Paweł Krawczyk pawel.krawczyk at hush.com
Thu Aug 30 08:09:02 UTC 2012


I was just reading 
https://www.owasp.org/index.php/Authentication_Cheat_Sheet 
Password Length

	Longer passwords provide a greater combination of characters and
consequently make it more difficult for an attacker to guess.

	Important applications: Minimum of 6 characters in length.

	Critical applications: Minimum of 8 characters in length. (consider
multi-factor authentication)

	Highly critical applications: Consider multi-factor authentication

Isn't that somewhat outdated? I wouldn't recommend minimum 6-character
passwords for any application. Looking at available evidence I would
recommend the minimum to be nine characters for new applications and
eight for existing.
http://arstechnica.com/security/2012/08/passwords-under-assault/4/ 
-- 
 Paweł Krawczyk, CISSP
 http://ipsec.pl http://echelon.pl
 +48 602 776959