Vivian Yeo reports on industry responses to a recent research report from the Georgia Tech Research Institute suggesting that users should create longer, 12-character passwords:
… Ronnie Ng, Symantec’s systems engineering manager for Singapore, told ZDNet Asia that the username-and-password application is the “first and only layer of defense” for many information systems in organizations today. Hence, while brute force attacks are the least sophisticated of attacks, they remain very effective, he explained in an e-mail.
Ng added: “Probability dictates that the longer a password is, the more difficult it will be to crack.” Symantec recommends a minimum password length of eight characters for typical users, and at least 15 for administrators.
However, more than just length, users need to consider the “depth and width” of the password. He said a secret code with depth refers to one that is not conventional or easily guessable, while width refers to the use of numbers and symbols alongside letters.
Concurring, Victor Keong, executive director of IT advisory services at KPMG in Singapore, pointed out that long passwords do not necessarily equate to strong passwords.
Read more on ZDNet (Asia)