[Owasp-cheat-sheets] Authentication Cheat Sheet - Password length
jim.manico at owasp.org
Thu Aug 30 15:32:49 UTC 2012
Good catch and well said. Do you have a sec to fix this on the wiki?
On Aug 30, 2012, at 1:09 AM, "Paweł Krawczyk" <pawel.krawczyk at hush.com>
I was just reading
Longer passwords provide a greater combination of characters and
consequently make it more difficult for an attacker to guess.
*Important applications*: Minimum of 6 characters in length.
*Critical applications*: Minimum of 8 characters in length. (consider
*Highly critical applications*: Consider multi-factor authentication
Isn't that somewhat outdated? I wouldn't recommend minimum 6-character
passwords for any application. Looking at available evidence I would
recommend the minimum to be nine characters for new applications and eight
Paweł Krawczyk, CISSP
+48 602 776959