Tuesday, February 15, 2005


Robert Hensing, a specialist in incident response/intrusion who works with the Microsoft Security Response Center, has written an article advocating the use of pass-phrases, not passwords. His basic premise is that the longer the password/pass-phrase, the more difficult it is to break. Windows 2000 and XP both let you use up to 127 characters. So, which would be easier for you to remember: a pass-phrase like "sittin' on the dock of the bay" or a password like "I8tX63!r"? (If you are using a password like "february," you may as well not use one; it would take very little time to break.) Hensing also makes the point that you should still change your pass-phrases over time -- it may be difficult to crack a pass-phrase, but it can still be done. There are lots of interesting comments attached to the article, pointing out both the advantages and disadvantages.

