Password complexity

This comic from xkcd.com touches on password strength and debunks a common myth – that of password complexity.

Most websites, workplaces and the like are hot on password complexity to better secure your files and logins, but it would seem that it isn’t password complexity (or c0mpl3x1ty) that matters most, but the length of the password.

This link, although containing some rather complex maths and other geeky stuff, gives you an idea of how long it would take to ‘break’ a password using a couple of different methods.

Here’s how long it would take to break a ‘complex’ password such as “xt15021a”:-


And here’s how long for “I love visiting 2toria.com”:-

Much longer, isn’t it?  So, when thinking up a password, it’s apparently much better, safer and easier to think of a four or five letter mnemonic or sentence that you’ll remember rather than a shorter password that’s made up of numbers, letters and other symbols.
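To make the comparison concrete, here is an added Python sketch (not from the original post or the linked calculator) that estimates the brute-force search space for the two passwords above, plus a word-level estimate for a passphrase. The guess rate of 10^10 per second and the 2048-word list are assumptions chosen for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e10  # assumed attacker speed, not a figure from the post
KNOWN = string.ascii_letters + string.digits


def alphabet_size(password):
    """Smallest class-based alphabet a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in KNOWN for c in password):
        size += 33  # ASCII punctuation (32) plus space
    return size


def brute_force_bits(password):
    """Bits of search space when every character is guessed independently."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def passphrase_bits(word_count, wordlist_size):
    """Bits when whole words, picked at random from a known list, are guessed."""
    return word_count * math.log2(wordlist_size)


def average_years(bits, rate=GUESSES_PER_SECOND):
    """Expected time to find the password: half the search space at `rate`."""
    return 2 ** (bits - 1) / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("xt15021a", "I love visiting 2toria.com"):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, alphabet {alphabet_size(pw)}, "
              f"{bits:.1f} bits, ~{average_years(bits):.3g} years")
    # Four random words from an assumed 2048-word list: a sentence of common
    # words is only as strong as this word-level figure, not the character one.
    bits = passphrase_bits(4, 2048)
    print(f"4 random words: {bits:.1f} bits, ~{average_years(bits):.3g} years")
```

The character-level figure is an upper bound: a sentence built from common words can be guessed word by word, so the word-level estimate is the one to trust for passphrases.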

One comment

  • August 18, 2011 - 8:20 pm | Permalink

    In previous versions of Windows, when a user changes their password but fails to meet the domain requirements of the password policy, the error message was quite helpful albeit that. Which doesn't tell the user WHAT the requirements are in detail, i.e. how many characters, what the complexity rules are or how many passwords are remembered, unlike in XP, 2003, 2000.
