November 22, 2011 6:35 PM
Password security strength question.
posted by dfriedman to computers & internet (8 answers total)
So, I just came across a site, which I will not link to, which had an extensive list of password requirements, among which are a minimum length of 8 characters and a maximum length of 12 characters. The site publicly and explicitly announces these limits when one registers for the site.
Isn't this essentially a giveaway to brute force attacks? Any cracker knows that this site has passwords that range within a 5-character range of length. (12 - 8 + 1) = 5.
Other password constraints which further compromise the security of passwords include:
--maximum repeated characters: 2
--starts with a numeric character
Am I totally off base here? Or is this, in fact, a relatively weak security system?
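An added illustration, not part of the original post or its answers: the rules quoted above can be counted exactly to see how much each one shrinks the search space. Assumptions: a 94-symbol printable-ASCII alphabet (the post names no character set), "maximum repeated characters: 2" read as no character appearing more than twice in a row, and function names made up for this example.

```python
import math

ALPHABET = 94  # assumption: printable ASCII without space; the post gives no character set
DIGITS = 10

def count_passwords(length, alphabet=ALPHABET, first_choices=None, max_run=None):
    """Count strings of `length` (>= 1) symbols drawn from `alphabet` symbols.

    first_choices: symbols allowed in position 1 (None = whole alphabet).
    max_run: longest allowed run of one repeated character (None = no limit).
    """
    first = alphabet if first_choices is None else first_choices
    if max_run is None:
        return first * alphabet ** (length - 1)
    # runs[k] = valid prefixes whose final run of identical characters has length k+1
    runs = [first] + [0] * (max_run - 1)
    for _ in range(length - 1):
        # A different character (alphabet-1 choices) starts a new run of 1;
        # repeating the last character moves every prefix one run-length up,
        # and prefixes already at max_run cannot be extended that way.
        runs = [sum(runs) * (alphabet - 1)] + runs[:-1]
    return sum(runs)

def search_space(min_len, max_len, **rules):
    """Total candidates over an inclusive length range."""
    return sum(count_passwords(n, **rules) for n in range(min_len, max_len + 1))

def compare_policies():
    """Search-space size in bits: the stated rules vs. the same lengths without them."""
    stated = search_space(8, 12, first_choices=DIGITS, max_run=2)
    lengths_only = search_space(8, 12)
    return {
        "stated_bits": math.log2(stated),
        "lengths_only_bits": math.log2(lengths_only),
        "bits_lost": math.log2(lengths_only / stated),
    }

if __name__ == "__main__":
    for name, value in compare_policies().items():
        print(f"{name}: {value:.2f}")
```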