Password length and complexity recommendations

Password strength and complextity is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. Using strong passwords lowers overall risk of a security breach.



People are notoriously poor at achieving sufficient entropy to produce satisfactory passwords. Users rarely make full use of larger character sets in forming passwords.



What makes a password strong?

  1. It's no shorter than eight characters, preferably longer.
  2. It does not contain your user name, real name, or company name.
  3. It does not contain a complete word and is significantly different from previous passwords.
  4. Contains both lower and upper case characters, special characters (&,*,%,$)



For clients using Linux we recommend using "pwgen" with additional atributtes. For example, using "pwgen -y -n 16" will generate a strong password, containing at least one special symbol, at least one number and will be made up of 16 characters in total. 



For clients using Windows we recommend using a Norton online password generator, located at

Tags: complexity, lenght, password, strenght
Chuck Norris has counted to infinity. Twice.