How long can a Google Account password be?

bill · April 08, 2011, 04:13:49 AM

I can't seem to find a straight answer to this question. Does anyone know the maximum length a Google account password can be?

bill · April 11, 2011, 04:54:52 AM

It appears to be 100 characters.

dogboy · April 12, 2011, 12:46:02 PM

Wow, that must be some secret stuff you are working on!

eurotrash · April 12, 2011, 01:00:16 PM

That would be supercalifragilisticexpialidocious three times plus one character.

bill · April 12, 2011, 01:22:03 PM

Yeah, I'm working on some quake-proof accounts.

ergophobe · April 12, 2011, 06:21:32 PM

I just use my social security number for important quake-proof accounts. It's 11 characters, so that seems pretty secure. Do you think that's a bad idea?

100 characters is a strange number. I would think they would do 64 or 128 so I could use a hash of my social security number ;-)

Seriously, they're probably storing it as a hash anyway.

bill · April 13, 2011, 04:43:32 AM

I certainly hope that they're storing my passwords as a hash.

Most of my passwords are about 20-25 characters of randomized characters, numbers and symbols. If I know the maximum password size a service will support I'll just generate a password around that size.

If you're using your SS# I hope you're hashing it a few times at least.

ergophobe · April 13, 2011, 05:13:58 PM

Bill.... you should know me better than that by now.

I use a password manager (usually Lastpass, but previously Roboform) and I randomly generate passwords using as much variety as allowed (some systems only allow alphanum), though usually only in the 10-12 char range.

I suppose I should go through and vet all my old passwords and make them a bit longer and check for any legacy passwords based on words (the only time I really use a word is when it is a throwaway account, in which case it's usually the same old word and let the hackers in; no skin off my back).

bill · April 14, 2011, 04:51:27 AM

Quote from: ergophobe on April 13, 2011, 05:13:58 PMBill.... you should know me better than that by now.

Yes, I neglected an extra smiley at the end of that one.

LastPass is my preferred tool these days as well. 10-12 characters is a bit short for me though. Try taking the LastPass Security Challenge to see how your list stacks up: https://lastpass.com/index.php?securitychallenge

dogboy · April 14, 2011, 06:35:20 AM

Wow, you guys were serious.

You know, as much as I put on, I dont think anyone would really gives a shit about me or what I think or do. If someone was hell bent on figuring me out I'm pretty sure they could. And then we would be faced with what they could possibly do if they broke my secret codes. Post some crazy post here or on Facebook? Really? Do you think you could tell the difference? Sure my bank password is different than the rest, but what could you possibly do that would cause me enough anguish that I would feel I needed a 99 character password?

Am I naive? Or too self centered? I'm having trouble finding the line in the sand...

bill · April 14, 2011, 07:46:46 AM

If we're auto-generating random passwords that we're never going to remember without a tool then why not go for a more secure password length? It's no more effort to generate a 5 character password than it is 100. 100 characters may be a bit overkill, but I wanted to see how big they were allowing.

What's the point? I don't want to make it easy for anybody to just "figure me out" online simply by cracking a password. They're going to have to work for it...on each and every site. However, you're right that there probably isn't a need for passwords that long and complex on the web for the most part. You'd want something moderately complex and random, and then you should never use the same password on more than one site.

What could they do with access to your accounts? That would certainly vary on the account. A Google account could be connected to a wealth of information depending on the person and what they have stored in there. Could somebody gather enough information out of one or more of your accounts to impersonate you and use that to financially harm you? It is being done.

Drastic · April 14, 2011, 01:00:27 PM

>Sure my bank password is different than the rest, but what could you possibly do that would cause me enough anguish that I would feel I needed a 99 character password?

I don't know about 99 chars, but in the short term, a major problem would be access to hosting accounts. A permanent one would be registrar accounts.

dogboy · April 14, 2011, 03:53:29 PM

I hear you, Dras, i guess I was fixated on the 99 character part. Seems like at some point there are deminishing returns.

I guess it goes w out saying that you can't access anything unless you are on that machine so if you are mobile, your machine dies, gets stolen, etc you would spend your whole life requesting a new passwords?

I dunno. I guess I should stop using 'password' for all my passwords then....

ergophobe · April 14, 2011, 06:30:51 PM

Yeah, I should have known that you should have known.

>>LastPass Security Challenge
That's a handy tool - the detailed report is excellent.

And it all gets me thinking about how much is just in my email and how old some of my passwords are.

>>Lastpass

I find Roboform actually works better, but just not $30/machine and $20/year better.

ergophobe · April 14, 2011, 06:32:15 PM

>>Isn't Roboform or equivalent the new weakest link?

That crosses my mind often. You may well be right in your approach...

How long can a Google Account password be?

dogboy

dogboy

dogboy