
Forcing one or more digits has little value. You are better off with 1 uppercase, one lowercase and 2 non-alphabet characters. (Users are very likely to be replacing a letter with 1, 0, so 2 options * 8 positions = 16 possibilities = fail.)


Which are exactly the sort of terrible rules xkcd is criticizing (paraphrasing glenra).

Instead of 4 extra enforcements you could add 8 extra characters.

Your entropy is (somewhat simplified)

One 8-letter word: 15 bits

1 uppercase = 3 bits (or even just 1 bit, people capitalize the first letter)

reversing 2 rules above: 1 bit

replacing two characters at random places: 8*7/2 = 4.8 bits

inserting 2 random non-alphabet characters: 40^2 = 10.6 bits

Total: 34.4

The entropy of three medium difficulty words is log(4000^3) = 35.9

Instead of memorizing K!ybo4rd it could be mykeyboardisblue.
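An added example, not part of either comment above: the reply's entropy budget as a small Python model, plus a passphrase generator that picks words with a CSPRNG. The function names, the 16-word sample list and the assumption that every step is an independent, uniformly random choice are constructed for illustration.

```python
import math
import secrets

# The reply's rule-based scheme as (step, number of equally likely choices).
RULE_SCHEME = [
    ("one 8-letter word", 2 ** 15),              # the reply's 15-bit estimate
    ("which letter is uppercase", 8),            # 3 bits
    ("reversing the two rules above", 2),        # 1 bit
    ("two substitution positions", 8 * 7 // 2),  # 28 position pairs
    ("two inserted symbols", 40 ** 2),           # 40 symbols, chosen twice
]

# Constructed 16-word sample list; a real list would hold thousands of words.
SAMPLE_WORDS = ["amber", "basket", "candle", "dolphin", "ember", "forest",
                "garnet", "harbor", "island", "jacket", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pepper"]

def scheme_bits(steps):
    """Entropy in bits when each step is an independent uniform choice."""
    return sum(math.log2(choices) for _, choices in steps)

def passphrase_bits(word_count, wordlist_size):
    """Entropy of word_count words drawn uniformly from the list."""
    return word_count * math.log2(wordlist_size)

def words_needed(target_bits, wordlist_size):
    """Smallest word count whose passphrase entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(wordlist, word_count, separator="-"):
    """The estimate only holds if the words are picked at random, not by the user."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would make the entropy estimate too high")
    return separator.join(secrets.choice(wordlist) for _ in range(word_count))

if __name__ == "__main__":
    target = scheme_bits(RULE_SCHEME)  # unrounded sum of the reply's terms
    print(f"rule-based password: {target:.1f} bits")
    print(f"3 words from 4000:   {passphrase_bits(3, 4000):.1f} bits")
    print(f"words needed from a 4000-word list: {words_needed(target, 4000)}")
    print(f"words needed from the 16-word sample: {words_needed(target, 16)}")
    print("sample:", generate_passphrase(SAMPLE_WORDS, words_needed(target, 16)))
```

The last two lines of output show how quickly a small word list erodes the advantage: matching the rule-based budget takes 3 words from a 4000-word list but 9 from the 16-word sample.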



