
SANS ISC: InfoSec Handlers Diary Blog



Fun with Passphrases!

Published: 2014-04-24
Last Updated: 2014-04-24 02:41:26 UTC
by Rob VandenBrink (Version: 1)

As systems administrators and security folks, we've all had our fill of our users and customers using simple passwords. Most operating systems these days enforce some level of password complexity by default, with options to "beef up" the password requirements.

The prevailing wisdom today is to use passphrases - demonstrated nicely by our bud at xkcd - http://xkcd.com/936/

So I routinely have very long passphrases for public-facing accounts. Imagine my surprise when I was creating a new account on a major cloud service (the one that starts with an "O" and ends with a "365"), and found that I was limited to a 16 character password.

Needless to say I have a case open to see if that limit can be removed. I'm not looking for a "no limit / invitation to a buffer overflow" status on the password field, but something bigger than 16 would really be appreciated!

 

 
