MFT Security Tip: Use Long Passwords

In today's #MFTSecurityTip we talk about the importance of using long passwords and how to enforce a long-password policy in JSCAPE MFT Server
  1. Blog

It’s time for another MFT Security tip. Today, let’s talk about long passwords and why you would want to require your users to use them. To begin, let’s have a thought experiment. Let’s say, the alphabet only consists of two letters - A and B. Of course, we know there are 26 letters all in all, but for the purpose of this discussion, let’s just say there are only two.

Play this if you want to watch the video version

So, if the length of your passwords is only one character, you will only have 2 possible passwords: A or B. That’s going to be pretty easy for a hacker to guess, right?

Now, if you make that longer, say you increase it to two characters, it’s going to be slightly more difficult to guess, as there will now be 4 possible combinations. Still easy, but definitely harder than a password with just 1 character.

Let’s increase that length some more and make it 3 characters. Now, there’s going to be 8 combinations. See what I’m trying to drive at? If you have 4 characters, that’s going to be 16 combinations, and so on and so forth. The longer the length, the harder it’s going to be to crack.

Of course, these hackers are going to be armed with applications and machines that will make password cracking much faster. Still, if you’re going to use the full 26-letter alphabet, a length of say 8 characters will already amount to 208,827,064,576 combinations. Make it even longer, and, eventually it’s no longer going to be feasible for a hacker to crack a single password.

So, how do you force users to use long passwords in JSCAPE MFT Server? Easy. Just navigate to a domain, go to Compliance, set a minimum password length, and click Apply. You can also check ‘Deny login for password non-compliance’ so that users who haven’t changed their passwords yet to adhere to your password length policy (even if they enter the correct password) won’t be granted access.

compliance password length

That’s it. See you again next time for another MFT security tip.

Would you like to try the FREE Starter Edition of JSCAPE MFT Server? Download it now

Download JSCAPE MFT Server Trial