

Ask HN: 5-digit alphanumeric or 12-digit integer simpler and more secure? - aen


======
ajuc
This is for some password authentication?

I never understand why people restric password length. Why not 12-char
alphanumeric? Or 32-char alphanumeric? Most people will use 10-char passwords
(or shorter), but those concerned with security could use better.

BTW - I'v got idea how to ensure people will use unique secure passwords on
your site. It's a little harsh, but still.

For each new user in registration form calculate 4-letters hash (from user
number, timestamp, whatever), and require user to include this hash in his
password (and that the password is at least X characters long). User that has
favorite password "swordfish" will just use "swordfishX13h" probably, but it's
still better than "swordfish".

~~~
eliaskg
I think the question is not password related as the key may be used as a UID
for a "semi restricted" link.

------
factoryron
Even with 5 x 62 case sensitive alphanumeric digits, 12 integers is roughly
1000 times more secure

------
syncerr
Compare possible brute force combinations: (26+10)^5 vs. 10^12

~~~
eliaskg
That would be 10e12 vs 60.466.176. Pretty easy from the security pov.

Also if an alphanumeric string should be entered / remembered by humans make
sure to strip I, l, etc.

------
aen
12-digit integer e.g. 907653849272

------
aen
5-digit alphanumeric e.g. HEL2N

