Calculating Password Policy Strength vs. Cracking

InfoWorld’s Roger Grimes offers a spreadsheet-based calculator in which you can key in your current password policy and see how your organization’s passwords might hold up against the number of guesses an attacker can make in a given minute. As an example, Grimes assumes an eight-character password, with complexity enabled, a 94-symbol character set, and 90 days between password changes. Such a policy, typical for many organizations, would require attackers to make only 65 guesses per minute to break — not at all hard to accomplish, Grimes writes.

6 Comments

  1. 2009-05-23 12:38 am
    • 2009-05-23 7:02 pm
      • 2009-05-24 9:25 am
        • 2009-05-24 9:42 am
        • 2009-05-26 1:27 pm
  2. 2009-05-23 12:20 pm