When was the last time you saw an application accepting a password length of less than 8 characters? 🤔
Devanand Premkumar
10 replies
Last week, when I was trying to sign up for an application presented here on PH, it asked me to create a password with just 6 characters.
I was wondering why we allow such a low entry barrier for the primary authentication factor: the password. Six characters can be taken down pretty easily, courtesy of today's computing speed and efficiency.
What do you think should be a minimum character length for a password to be considered safe and secure?
Replies
Tanay Gauba@tanay_gauba
Considering today's computing speed and efficiency, passwords are not at all safe and can lead to data breaches in the near future. The world is now switching to password-less authentication, which is more convenient and safe. Password-less authentication makes sure that you don't have to remember such complex passwords containing @, #, ! etc.
@devaonbreaches I am working with a startup where we are focusing on password-less and OTP-less authentication. I know it will take some time, but the switch is important when you know everything around you is upgrading.
@tanay_gauba You're right about the issues with passwords. But the migration has a long way to go before it is completed. Think about the numerous applications which need to be switched from traditional password-based authentication to password-less authentication.
I think it will take a few more years, considering the pace of the switching/migration that is currently happening.
@tanay_gauba Totally true. Upgrading is time-consuming, but we are all positive it will change for the good. I was also looking earlier at Prabhat's response on one of my other posts and it makes sense :)
We request 10 or more characters... and encourage 12+
We've taken out any @#$%^& requirements because it gets too difficult otherwise... afaik it's the length that really improves the entropy/security.
@jimbomorrison For sure the current best practice is to have 12+ characters. I am glad to see that coming out as a requirement. Please keep up the good work.
Last week when I tried to sign up for H&M's mobile app. I think there should be no limit, not sure what they are trying to achieve by having this limit. Save space?
@bilal_chaglani Seriously! In 2021, applications are enforcing an 8-character length? That's not the recommended best practice anymore.
Saving space as a requirement was valid when storage costs were huge. Now you can get gigabytes of storage at the cost of pennies. It is not a valid reason to limit storage by length of characters.
Adding to that, if they are storing the password in plain text - considering length requirements, then they have a bigger problem at hand for sure.
Yes, the passwords of bank applications are always 6 characters.
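Two points raised in the thread, that length adds more entropy than symbol rules and that a length cap saves no storage once passwords are hashed rather than kept in plain text, shown as an added example that is not code from any poster or application mentioned here. The function names, the PBKDF2 iteration count, the alphabet sizes and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

MIN_LENGTH = 10        # "10 or more characters", as one reply describes; no symbol rules
ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor, not from the thread


def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random password (human-chosen ones have less)."""
    return length * math.log2(alphabet_size)


def hash_password(password, salt=None):
    """Enforce a minimum length only (no maximum) and return (salt, 32-byte digest)."""
    if len(password) < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed comparison: 26 = lowercase letters, 94 = printable ASCII without space.
    for length, alphabet in [(6, 94), (8, 94), (12, 26)]:
        print(f"{length} chars from {alphabet} symbols: {entropy_bits(length, alphabet):.1f} bits")
    # Constructed sample passwords: the stored digest is 32 bytes whatever the input length.
    for sample in ["tenletters", "a much longer passphrase " * 8]:
        salt, digest = hash_password(sample)
        print(f"input {len(sample):3d} chars -> stored {len(salt) + len(digest)} bytes")
```

Twelve random lowercase letters come out ahead of eight characters drawn from all 94 printable symbols, and the stored record is the same size for a 10-character and a 200-character password.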