In response to my previous blog post on strong passwords, a friend pointed out Stanford’s new password policy, which I quite like and thought worth sharing. This policy plays off probabilities, meaning that if you decrease the number of total characters in your password (decreasing the total permutations), you must use more character types instead (increasing the total permutations).
The policy breaks requirements into 4 tiers by password length:
- “8-11: requires mixed case letters, numbers, and symbols
- 12-15: requires mixed case letters and numbers
- 16-19: requires mixed case letters
- 20+: any characters you like!”
This policy is also mobile friendly, as it’s much easier to type a bunch of letters on a phone than a few random symbols.
I find the policy flexible and accessible and I hope it helps improve your understanding of how to make a strong password.