October 21, 2004
A Microsoft Internet security administrator is recommending the use of multi-word "passphrases" rather than passwords to improve security on Windows networks, arguing that passwords of fewer than 10 characters are insufficient against the latest hacking techniques.
In a blog post titled "Why you shouldn't be using passwords of any kind on your Windows networks", Robert Hensing argues that the inclusion of password-cracking tools in recent worms and trojans illustrates the need for sturdier authentication schemes.
"Passwords are ridiculously easy to guess or crack," writes Hensing, a member of Microsoft's product support security team.
"Worms like Agobot ... all ship with dictionaries of passwords numbering in the hundreds and they can easily replicate to a system that has a password in this word list, and the miscreants are really good at keeping these wordlists up to date with passwords that they've cracked from other systems."
Source: Netcraft
Copyright © LCWHG.org