Apr 26, 2012

Mark Burnett dissects the TSA’s password policy and recommends this one instead:

So what would I use as the ultimate password policy? If I was ever in the position to set an organization’s policy, and it required a much higher than normal security, it would be this:

  • Minimum password length is 15 characters but can contain anything you want including spaces.
  • Your new password shouldn’t look too much like your last one.
  • Don’t reuse this same password anywhere else.

Then, I would provide a short list of example passwords to spark their creativity such as this:

  • whitefish44.JPG
  • C:\program files\green
  • 1-800-orange piano
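
The first two rules of the quoted policy can be checked at password-change time. The sketch below is an added example, not code from Burnett's post; the 0.6 similarity threshold, the letters-only comparison and all function names are assumptions, since the policy gives no number for "too much like your last one".

```python
import unicodedata
from difflib import SequenceMatcher

MIN_LENGTH = 15          # from the quoted policy
SIMILARITY_LIMIT = 0.6   # assumption: the policy does not quantify "too much like"


def _letters_only(pw: str) -> str:
    """Fold case and drop digits/punctuation, so that changing only the
    number or the symbol in a password still counts as the same password."""
    folded = unicodedata.normalize("NFKC", pw).casefold()
    return "".join(ch for ch in folded if ch.isalpha())


def similarity(new: str, old: str) -> float:
    """Return the higher of raw and letters-only similarity (0.0 to 1.0)."""
    raw = SequenceMatcher(None, new, old, autojunk=False).ratio()
    a, b = _letters_only(new), _letters_only(old)
    folded = SequenceMatcher(None, a, b, autojunk=False).ratio() if a and b else 0.0
    return max(raw, folded)


def check_new_password(new: str, old: str) -> list:
    """Return the policy violations; an empty list means the password is accepted.

    `old` is the current password as typed by the user on the change form.
    No character-class rules are applied: anything, spaces included, is allowed.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if similarity(new, old) > SIMILARITY_LIMIT:
        problems.append("too similar to the previous password")
    return problems


if __name__ == "__main__":
    # Constructed inputs, built from the example passwords in the post.
    old = "whitefish44.JPG"
    for candidate in ("whitefish45.JPG", "WHITEFISH99!jpg",
                      "orange piano", "1-800-orange piano"):
        print(repr(candidate), check_new_password(candidate, old) or "accepted")
```

The similarity check only works because the user supplies the current password when changing it; it does not require storing old passwords in recoverable form. The third rule, not reusing the password elsewhere, cannot be verified from inside a single system.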

