Can a password be TOO long?

Discussion in 'other security issues & news' started by IronLock, Mar 8, 2012.

Thread Status:
Not open for further replies.
  1. IronLock

    IronLock Registered Member

    Joined:
    Oct 24, 2011
    Posts:
    10
    I often hear security experts claim that creating a password that's too long can actually make things weaker.

    Can anyone tell me if this is true, and explain why it's true/false?

    Thanks!
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    If it's too long the user will have to resort to writing it down or making the password itself easier to remember.

    That's it.

    Otherwise more length will never hurt.
     
  3. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    If you log your passwords in an app like Keepass you don't have to remember anything. :)
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    That's true, but your master password has to be long enough to be memorable.
     
  5. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    If you mean the password to access Keepass, that would depend on who else, if anyone, also accesses your PC. Keepass isn't online so no one can open mine as I'm the only person using the computer, so I use a simple password to get me in.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    BINGO! :D
    Same here.
    I'd say it all depends on who you're trying to hide the password from. If it's from the interwebz then writing it down would be no problem, but imagine if it was from someone like people around you: I would not consider writing it down because they could find it some day... :D
     
  7. x942

    x942 Guest

    Hey, don't you guys remember that amazing encryption tool FolderLock? That would so helpfully truncate passwords longer than 16 chars? ;)


    I kid... I kid.. :)
     
  8. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Well, from what I read, the longer your password the better. And that is because of the two basic ways of cracking a password (not to get that confused with 'methods' to acquire passwords), which is either by guessing it...or by brute force hacking.

    And even though, trying to guess a longer, more complex code would take longer and would be much more difficult...if not actually impossible to crack...and even though it is possible that a brute force attack can crack a long and complex password, I had read that the longer and more complex the password is, the longer it takes for a brute force attack to be successful. Therefore, you are at least buying yourself more time with a long and complex password.

    What Is 'Brute Force' Dictionary Hacking?

    Also, because the above article mentions how brute forcing involves dictionary software that recombines English dictionary words with thousands of varying combinations...it's always better to use an alphanumeric combination of characters...in addition to as many special characters as possible, which would slow down a brute force attack even more.

    And as far as trying to memorize your password or passwords, I gave that up a while back ago and started writing my passwords down on paper and keeping them in my wallet. Although, actually I don't use what are considered passwords, but actually use what are called passphrases, which are a combination of personalized encrypted words that form a phrase that you make up...which, by the way, you may actually end up remembering over time.

     
    Last edited: Mar 14, 2012
  9. BrandiCandi

    BrandiCandi Guest

  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There are ways you can use long passwords with random characters and have them fairly easy to use without password software. Start with an encrypted text file. Contents don't matter. After encryption it will look like this but larger:
    Code:
    qANQR1DBwU4DtYA9uTfuIakQB/9w54fY4UZlR1THoeim/U8lKNvXb3ol8iwQhsk3
    SxT3zp61oqYgLOYxKE0pmmsNEfMFYqBvaBGA/WibVzBHJFYZQXYA8PD04fD8qLpp
    OZMPZe+VQpc1HfeMM5aWHyrXaOa+nL1D0fCORs+7m8/kdjf1s5CY+3gfT3V/x0Jj
    8MCZCk26vhil3N76i0ise9Ouzj9YBOJcUBjuHMmZ8v9MluOBP9EX+7jv04CyoGMC
    FsnL8sxTudep8h1jN4QQoXu/mhFoFkHeSS7VA6j74bzTmo+thFuWeSXqZ1PtrV+S
    B6fdOJIIiy1yy+QDu2TIEosqlduaevLE041a//B78Or4uKBbB/42ygrO9SNxRo4W
    /fSTHZiJZZEXvm8bgvju4lfItKda5G/54h+itSwcJKs9PHb7SUC+oQkymwRTdZUP
    eM0Ow+GPDoIjT2QswtX4gsGAeBJQ8y+7ZUS3Lp4MvbGwKu56VhQgpTGlGaQMLhVQ
    xFrGw2aEEbTzMurC4KSoQRlojkRGMg+BAFmh15UnNDVfC6jls9KqPpgD+GarB+Pn
    5EUKiOGFMdK06DCgZgD+zNcu2dnilm7OLpUmn5Ooz9dTWF7JYhUeM8ibn3j19slT
    2Gax8zmbdBqqkhHbgwg39ppfEI7nC6HCu6xNdZah2I7v3YpOfcKjJn7i6bG1R1/T
    zGoPgxqlyewacMyf1a0UxsnoKW99oYx2XVSPnLSaw3fYo0ctTzf1PuKTrxZ1lep+
    uoZZzz9HO14d3aObb94U7Wc1ko9RlHZVFJXykRxKuzL+bnOyTV/6GCG4cRNYy61Z
    9tjtYskabva0SlmgkrbAzWoxAeVpqDxeMmw7Evx0nw8xRXoMof8NFwC5qdJrkbad
    6jHS31JD42MsEEE+O4KLN0lvNSXkQDEOUAadSVffU0C+a+jQOoBPEeqN4AL95+ni
    m33gyZ8PKsQ/UBRst0EBpRPpHCDgJePLFgaIHfdnd2epI002FBv4UdmVS29GzYjb
    eYa3vDiMMdukrBV7A/okbqylEkdQhbuLP7S4at3Gls15oYzDgV4c+GgNcN71X29M
    aTH64LcJ4ssCD+sum7WIKoUlUuRuBOxWORkOytpdutK6NC7n1mBMIoeNPdZ0VTEP
    3vSF5mhVtcBdFSqTB706Pc8kyvv/UObQFW1Bmpg3JHM8gU3ixNMmYSVD2XS0izr6
    362bGimLkTWY9phwdAvp3m4YiC/NHcMK2cLCue/a1XlDUOBXTGeWSD0wM5ptm2CA
    SrUQKzbTti8ItgN7D5WoureCGrT1nlzESOxuRiYPVSDOPt7vCI10gQhS5awgWlj4
    6o543SFeJW4rcdj3aK+ysJ0fsTS79mcIUuw/MmeUQTsWPT7HsfQo0MWXMvtk2/MQ
    eN/5W9St/tSz+RlVpH18FvFFurXDYad8+LMBN+2efthNcaIisuelaRuB+xpueVjX
    7EFPH6p55k4HaJEZNmID/rN7BBZ3nDvzbsyExxonUlbBbpcvv+4J37voxD2ngNg6
    20WXpz8fDS0QH3S91VAXfU40742aIkTnerG6f5dV4vJGOcO4Rfw1nOeH3J7xPXL+
    After that, it's copy and paste. All you need to remember is where it starts and ends. Example: starts on line 3, character 4, ends on line 4, character 5. Remembering 3445 gets you:
    PZe+VQpc1HfeMM5aWHyrXaOa+nL1D0fCORs+7m8/kdjf1s5CY+3gfT3V/x0Jj8MCZC

    Make a dozen or so of these files for sources. Without knowing the length, how long would it take someone to find a password that's in plain sight?

    Don't want source files? Then take a song you know well and use the first letter of each word, case sensitive, and all the punctuation marks that would be there.
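
    Added example, not part of the post above or of any poster's own code: it reproduces the "3445" extraction from the posted block and counts how many start/end slices someone who has a copy of the source file would have to try. It assumes the file is the 25 posted lines of 64 characters each (1,600 characters) and that the attacker holds the file; the function names are illustrative.

```python
import math

# First four lines of the block in the post above, copied as posted.
SOURCE_LINES = [
    "qANQR1DBwU4DtYA9uTfuIakQB/9w54fY4UZlR1THoeim/U8lKNvXb3ol8iwQhsk3",
    "SxT3zp61oqYgLOYxKE0pmmsNEfMFYqBvaBGA/WibVzBHJFYZQXYA8PD04fD8qLpp",
    "OZMPZe+VQpc1HfeMM5aWHyrXaOa+nL1D0fCORs+7m8/kdjf1s5CY+3gfT3V/x0Jj",
    "8MCZCk26vhil3N76i0ise9Ouzj9YBOJcUBjuHMmZ8v9MluOBP9EX+7jv04CyoGMC",
]

def extract(lines, start_line, start_char, end_line, end_char):
    """Slice from (start_line, start_char) to (end_line, end_char),
    1-based and inclusive, with line breaks dropped."""
    offsets = [0]
    for line in lines:
        offsets.append(offsets[-1] + len(line))
    flat = "".join(lines)
    begin = offsets[start_line - 1] + start_char - 1
    end = offsets[end_line - 1] + end_char
    if not 0 <= begin < end <= len(flat):
        raise ValueError("coordinates fall outside the source text")
    return flat[begin:end]

def candidate_slices(total_chars, files=1):
    """Every contiguous substring (any start, any length) across
    `files` source files of `total_chars` characters each."""
    return files * total_chars * (total_chars + 1) // 2

def effective_bits(candidates):
    """Search space in bits when the source file is known."""
    return math.log2(candidates)

def apparent_bits(password, alphabet_size=64):
    """Bits the same string would carry if it were truly random base64."""
    return len(password) * math.log2(alphabet_size)

if __name__ == "__main__":
    pw = extract(SOURCE_LINES, 3, 4, 4, 5)
    print(pw, len(pw), "chars")
    print("apparent bits:", apparent_bits(pw))
    for files in (1, 12):
        n = candidate_slices(25 * 64, files)
        print(f"{files} file(s): {n} slices, {effective_bits(n):.1f} bits")
```

    The 66-character result looks like a random base64 string, but with the source file in hand the search space is every start/end pair, which is far smaller; the scheme's strength therefore rests on the file staying private or unidentified.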
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    But if they used a dictionary brute force attack the second option would be easier to crack or not? :rolleyes:
     
    Last edited: Mar 15, 2012
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Not. The dictionary attacks we hear about usually use one word + some numbers/ letters. Cracking a 3 word password would be like cracking a 3 letter password with a 200,000 character set. It would take a very long time.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Or just pick a quote from a book/ song that you like. Way easier to remember, doesn't involve writing your password down, and it can be longer than that.

    Or don't bother with a huge password that forces you to add weaknesses. If you have a strong password between 16-22 characters and a character set of 94 no one's going to crack it with any modern hardware.
     
  14. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Can't stress this enough. Additionally don't fall victim to password reuse. You can have the longest most entropic password ever conceived by man. If you use it from banking to twitter and it gets discovered in a random database breach, what good will it do you?
     
  15. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I also meant to mention that it's a good idea to create complex and/or nonsensical answers to secret hint questions. Such as if a secret hint question is: What is your paternal grandmother's first name? Well if your paternal grandmother's first name is Ruth...using that as the answer is too easy for a hacker to hack.

    However, make the answer something like b@Byee*Ruth-1s(a)Cand1e/b@R or something to that effect.

    But the point is, it's not a good idea to give a normal, easy to guess answer to those types of questions.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I agree. I have no idea who came up with those but they should be fired and/or hanged.

    It defeats the purpose of a password when you enter FB-read info to one of those questions.
     