We are often advised, or required, to compose passwords containing all of the fo

Question

We are often advised, or required, to compose passwords containing all of the following: numerals, lower case letters, upper case letters and some special characters. In my view this is not the best advice.

Assuming we need need 80 bits of entropy in our password, that can be achieved in the following ways: 16 random single-case alphanumeric characters; 14 random two-case alphanumeric characters; or 13 printable ASCII characters

My contention is that it is easier to type two or three extra single case alphanumeric characters than it is to be repeatedly manipulating the the case shift key and to be searching around the keyboard for special characters.
Are single case alphanumeric passwords the most user friendly?

Explanation / Answer

If you want the password scheme to be most user friendly, then you got to let the user choose what he/she wants instead of enforcing such a limitation by second-guessing what the user might prefer.

Every human is unique. Some may prefer a short complicated password that can be entered quickly by virtue of pure muscle memory while others may prefer a passphrase that can be stringed into a song.

I think developers should respect that instead of trying to fit us all into a mould.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.