> > >And you know the password is 12 characters, you've got a real good shot at >guessing it after having only cracked a 7 character password, don't you? In >other words, those 5 extra characters didn't gain this user anything. That >is why you'll hear a lot of security experts tell you to use 7 or 14 >character passwords on Windows networks, and don't bother with anything >else. > > > The extra characters in a [8-12] character password may not gain anything security-wise, but they can still be useful for mnemonic purposes. After all, if the user can't remember their password, they write it on a post-it note and stick it to the monitor.
Andy Cowan University of Iowa Physics/Astronomy/CS Undergrad
