Two random 16char long passwords (like a username and a password)
75%
[ 3 ]
They're the same
25%
[ 1 ]
Total Votes : 4
Author: kevinevans, Posted: Wed Aug 11, 2010 9:41 pm Post subject: Question with passwords ---- I'm writing a lightweight accounting system, and I'm wondering which is safer to use (I only want to use 32chars):
- A random 32char long password
- Two random 16char long passwords (like a username and a password)
I keep thinking they're the same, but I'm thinking that the 2nd option is safer.
Thanks
PS: by random, I mean [0-9A-Za-z] (62 chars)
edit: Added a poll, incase somebody is too lazy to post in the thread
Author: Fire Ant, Location: LondonPosted: Sat Aug 14, 2010 5:44 pm Post subject: ---- Sorry to shoot you down, but....
Maybe you shouldn't have posted this as a poll. I hate polls and surveys because they limit your answers. Am I to pick whats best out of your 3 suggestions? TBH, your suggestions are great and the question you pose is very generic. I mean, what is safer? What do you mean? Safer for who?
One of your suggestions is...hoe can I put this nicely, very misleading.
Quote:
Two random 16char long passwords (like a username and a password)
Whats the difference between this and a 32char random password? Is the user name random? If so then option 1 and 2 are the same?
I think you are limiting yourself here. Maybe you could put some more context around this. Is this for a machine/service account or a user account? etc
Fire Ant
Author: hitech, Posted: Fri Sep 03, 2010 8:48 am Post subject: ---- I also think that 2nd is batter way.
Author: blackandwhitebg, Posted: Mon Oct 18, 2010 3:11 pm Post subject: ---- If the attacker is using Brute Force 2 x 16 chars is much more secure in case the user name is unknown.
Author: izang, Location: PhilippinesPosted: Tue Oct 19, 2010 5:38 am Post subject: ---- I think your options are kind of the same. But If I were to choose between the two, I think I'll prefer to use number 2 strategy for my password.