Password security and Digg.com

dp, 21 May 2009, No comments

I’ve been on a mission lately to change all of my passwords on all of the sites that I use. To make it easier on me, I’m using KeePassX to generate them, and to store them.

When creating these passwords, I’ve been using Upper+Lower+Numbers+Special Characters+Minus+Underline, and a length of 26 characters. I figure this is plenty enough overkill to keep my passwords unique amongst each site. But when I tried to change the password on Digg, it told me that my password could only be between 4 and 15 characters. Ok, I’ll agree that 26 is definitely overkill, so I shortened it to 15. I regenerated a password, and put it in place. Digg then told me that I could only use Upper+Lower+Numbers for my password.

Excuse me? We took the password strength from 170 bits to 89 bits. That’s nearly half the strength. Especially now that Digg has integrated with Facebook, this seems like a very dangerous security issue to me. Maybe I’m just over-reacting, who knows.
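The entropy figures above can be reproduced with a short script. This is an added example, not part of the original post, and it assumes the KeePassX character groups listed cover the 94 printable ASCII characters (no space), which is the alphabet size that yields the 170-bit figure.

```python
import math
import secrets
import string

# Assumption: Upper+Lower+Numbers+Special+Minus+Underline = 94 printable ASCII
# characters (no space); this alphabet size reproduces the post's 170 bits.
FULL = string.ascii_letters + string.digits + string.punctuation
ALNUM = string.ascii_letters + string.digits  # Upper+Lower+Numbers only


def entropy_bits(alphabet: str, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(|alphabet|)."""
    return length * math.log2(len(set(alphabet)))


def policy_space_bits(alphabet: str, min_len: int, max_len: int) -> float:
    """log2 of every password a length-range policy admits (attacker's ceiling)."""
    n = len(set(alphabet))
    total = sum(n ** k for k in range(min_len, max_len + 1))
    return math.log2(total)


def length_for_bits(alphabet: str, target_bits: float) -> int:
    """Shortest length over `alphabet` that reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate(alphabet: str, length: int) -> str:
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    before = entropy_bits(FULL, 26)
    after = entropy_bits(ALNUM, 15)
    print(f"26 chars, 94 symbols: {before:.1f} bits")
    print(f"15 chars, 62 symbols: {after:.1f} bits")
    print(f"keyspace shrinks by a factor of about 2^{before - after:.0f}")
    print(f"whole 4-15 alphanumeric policy: {policy_space_bits(ALNUM, 4, 15):.2f} bits")
    print(f"alphanumeric length needed to match: {length_for_bits(ALNUM, before)}")
    print("sample within a 15-char alphanumeric limit:", generate(ALNUM, 15))
```

Because entropy is measured on a log scale, the drop in bits corresponds to a keyspace that is smaller by a factor of roughly 2^81, and an alphanumeric-only password would need 29 characters to match the original 26-character one.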
