Company policy requires the use if passphrases instead if passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?
A. Reuse
B. Length
C. History
D. Complexity
5 Comments on “Which of the following technical controls MUST be in place in order to promote the use of passphrases?”
Paul Ssays:
Not comfortable with this answer. Passphrases are generally up to 256 characters as opposed to passwords (limited to roughly 16-20 characters). Depending upon the system, you can use spaces for passphrases which could be included as complexity. But the question says, which must be in place to promote passphrases–I would have to opt for Length. Complexity is preferred but not a must.
6
1
testersays:
true, Length
2
1
Mikesays:
The difference between password and passphrase. … A passphrase can also contain symbols, and does not have to be a proper sentence or grammatically correct. The main difference of the two is that passwords do not have spaces while passphrases have spaces and are longer than any random string of letters.
Agreed.
Password = Complex
Passphrase = Length
3
1
Gergsays:
Password complexity consists of increased length and character sets. Both contribute to the character space (number of possible combinations) and a password’s security.
I would agree the answer is D.
1
1
meacsays:
I agree with the answer being D. Here is an article on the subject.
Length goes without saying by the way, as a passphrase by definition is more than 8 characters long anyways…
https://security.berkeley.edu/passphrase-complexity-guidelines
Requirement
When passphrases are used, they must meet the following complexity specifications:
Passphrases MUST:
Contain nine characters or more
Contain characters from two of the following three character classes:
Alphabetic (e.g., a-z, A-Z)
Numeric (i.e. 0-9)
Punctuation and other characters (e.g., !@#$%^&*()_+|~-=\`{}[]:”;’?,./)
Not comfortable with this answer. Passphrases are generally up to 256 characters as opposed to passwords (limited to roughly 16-20 characters). Depending upon the system, you can use spaces for passphrases which could be included as complexity. But the question says, which must be in place to promote passphrases–I would have to opt for Length. Complexity is preferred but not a must.
6
1
true, Length
2
1
The difference between password and passphrase. … A passphrase can also contain symbols, and does not have to be a proper sentence or grammatically correct. The main difference of the two is that passwords do not have spaces while passphrases have spaces and are longer than any random string of letters.
Agreed.
Password = Complex
Passphrase = Length
3
1
Password complexity consists of increased length and character sets. Both contribute to the character space (number of possible combinations) and a password’s security.
I would agree the answer is D.
1
1
I agree with the answer being D. Here is an article on the subject.
Length goes without saying by the way, as a passphrase by definition is more than 8 characters long anyways…
https://security.berkeley.edu/passphrase-complexity-guidelines
Requirement
When passphrases are used, they must meet the following complexity specifications:
Passphrases MUST:
Contain nine characters or more
Contain characters from two of the following three character classes:
Alphabetic (e.g., a-z, A-Z)
Numeric (i.e. 0-9)
Punctuation and other characters (e.g., !@#$%^&*()_+|~-=\`{}[]:”;’?,./)
2
0