Talk:CISA

Is a 5 place password a security measure?

What most trips me up is the word "Security". From a computer security perspective, a 5 place password has rapidly passed away as a meaningful defense against password cracking. Password guessing and cracking tools on common laptops can generate every ASCII symbol for all 5 places in substantially less than 1 second. Only in the context of multi-factor authentication, where a 5 place password is one factor, would I consider a 5 place password a "security" measure.

I understand that the question is supposed to discuss a control in a more abstract sense. But, the NIST paper that mentioned password length has not been updated since 1970. Is it not time to update this test question in favor or modern reality?

Don Turnblade, MS, CISSP, CISM, CISA

Retrieved from "http://en.wikipedia.org/wiki/Talk:Certified_Information_System_Auditor"