SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    I want legislation that stops websites from dictating password requirements.
I want legislation that stops websites from dictating password requirements.
Be Careful What You Wish For...
Monk
posted
My password, my choice!


____________________________________________________________

Georgeair: "...looking around my house this morning, it's not easily defended for long by two people in the event of real anarchy. The entryways might be slick for the latecomers though...."
 
Posts: 11865 | Location: Hoisting the colors in a strange land | Registered: February 09, 2003
Member
mcrimm
posted
Good point. I have a password manager on my iPhone that has all of my 100 or so passwords. I refer to it daily.

Most people just write them down and put them next to their computer or put em on a sticky, I would guess.

Insanity

This message has been edited. Last edited by: mcrimm,



I'm sorry if I hurt your feelings when I called you stupid - I thought you already knew - Unknown
...................................
When you have no future, you live in the past. "Sycamore Row" by John Grisham
 
Posts: 4214 | Location: Saddlebrooke, Arizona | Registered: December 24, 2013
Cogito Ergo Sum
posted
At work they are going to start a 17 word pass phrase as a requirement.
 
Posts: 5691 | Registered: August 01, 2002
אַרְיֵה
V-Tail
posted
This has been posted before, but it is appropriate for this topic:
Today I opened a new email account, I always use the same password: "cabbage". It's easy to remember. But it seems the computer had other plans...

Please enter your new password:

"cabbage"

Sorry, the password must be more than 8 characters.

"boiled cabbage"

Sorry, the password must contain 1 numerical character.

"1 boiled cabbage"

Sorry, the password cannot have blank spaces.

"50bloodyboiledcabbages"

Sorry, the password must contain at least one upper case character.

"50BLOODYboiledcabbages"

Sorry, the password cannot use more than one upper case character consecutively.

"50BloodyBoiledCabbagesShovedUpYourArse,IfYouDon'tGiveMeAccessnow"

Sorry, the password cannot contain punctuation.

"ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessnow"

Sorry, that password is already in use!



My hovercraft is full of eels
 
Posts: 30545 | Location: Central Florida, Orlando area | Registered: January 03, 2010
Help! Help!
I'm being repressed!

Skull Leader
posted
I'm under the understanding that most 8 character passwords with upper/lower/special/numeric character are able to be brute forced in time.

I was told that you should use pass phrases with at least 17 characters because with today's technology it would take them a couple centuries to brute force it.

So one example could be: Maryhadalittlelamb

The difficulty to brute force a password grows exponentially with each additional character.
 
Posts: 11151 | Location: Big Sky Country | Registered: November 20, 2004
Shaman
ScreamingCockatoo
posted
It might be insurance requirements dictated to the company.
We're required to change all of our passwords at work every 90 days.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39716 | Location: Atop the cockatoo tree | Registered: July 27, 2002
For real?
Chowser
posted
Haha. My yahoo mail account has a 20 character passphrase.
My bank account has a 9 character passphrase.
I should probably switch those.

All my gov’t accounts have long passwords with so many restrictions and I have to change them every 60 days. It sucks.



Not minority enough!
 
Posts: 7993 | Location: Cleveland, OH | Registered: August 09, 2007
member
henryaz
posted
quote:
Originally posted by Chowser:
All my gov’t accounts have long passwords with so many restrictions and I have to change them every 60 days. It sucks.

The company I worked for back in the 1990's/early 2k did government contract work, primarily for HHS. The password rules specified in their contracts gradually grew more complex, specifying length, complexity, frequency of change, and reuse (not). Based on that evolution, I'd hate to think what the specs are today.
 
Linux (at least back then) would kick back easy to guess passwords when root entered them for a user. One I recall was 'Nosila' plus some numbers, which Linux quickly identified as a word spelled backwards.

The main issue I have with web sites is not the complexity required, but the fact that different rules apply with the characters and length. Some still would permit 'cabbage'. Some 'special characters' are not allowed on some sites, and the ones disallowed vary from site to site. One site requires all the special stuff, but says the pw must begin with a letter. The minimum and maximum lengths vary, from 8, to some topping out at 15 or 20, and some permitting 32 (which I like). And so on.
 
I get that 'iH}9g>L49u.(4JWiVnLY}' is probably more secure than 'cabbage', but, OOPS, the curly and angle brackets are not permitted on this site.
 
 
Posts: 10778 | Location: South Congress AZ | Registered: May 27, 2006
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by Monk:
My password, my choice!

Then take your business elsewhere?

A service provider of ours decided I had to change my password regularly. So I told them "Ain't playin' that game. It's nonsense. So delete our on-line account access and resume sending us paper billing."

Sites establish minimum password/pass-phrase requirements because people tend to choose very stupid passwords, like "password." People choosing stupidly-easy passwords are also why some places insist users regularly change their passwords.

quote:
Originally posted by Skull Leader:
I'm under the understanding that most 8 character passwords with upper/lower/special/numeric character are able to be brute forced in time.

Well, yes, but...

If the site enforces even a slight retry delay, and makes any effort at all to temporarily blacklist the sources of repeated failed attempts, that could be a very, very long time. As in longer than your lifetime.

This assumes that crack isn't being run against a stolen password database, in which case ev3nVeRYl0n9pa55wrods! aren't safe.

I have had passwords as short as six characters and have yet to have had an account cracked, and I've been on-line as long as there's been an Internet. Had dial-up access to logins before that.

All that being said: I suggest passwords longer than eight characters, mixed-case in non-traditional places, throwing-in the odd numeric and punctuation character, not using any whole words or anything that can in any way be guessed from who you are, what you do, who you know, where you live, your pets' names, etc.

XKCD's take on passwords:




"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
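
Added example, not written by any poster in this thread: the difference ensigmatic describes between guessing through a throttled login form and cracking a stolen password database, with Skull Leader's length comparison worked through the same way. The retry delay, failure limit, block time, source address and offline guess rate are all assumptions chosen for illustration.

```python
class LoginThrottle:
    """Per-source retry delay plus a temporary block after repeated failures."""

    def __init__(self, delay=2.0, max_failures=5, block_seconds=900.0):
        # All three values are assumptions chosen for illustration.
        self.delay = delay
        self.max_failures = max_failures
        self.block_seconds = block_seconds
        self.failures = {}      # source -> failures since last block or success
        self.next_allowed = {}  # source -> earliest time a guess is evaluated

    def attempt(self, source, now, success):
        """Return 'rejected' while throttled, otherwise 'ok' or 'failed'."""
        if now < self.next_allowed.get(source, 0.0):
            return "rejected"  # the password is not even checked
        if success:
            self.failures.pop(source, None)
            return "ok"
        count = self.failures.get(source, 0) + 1
        blocked = count >= self.max_failures
        self.failures[source] = 0 if blocked else count
        self.next_allowed[source] = now + (self.block_seconds if blocked else self.delay)
        return "failed"


def guesses_evaluated(throttle, source, seconds):
    """One source retries every second; count guesses the site actually checked."""
    return sum(
        throttle.attempt(source, float(t), success=False) == "failed"
        for t in range(seconds)
    )


def years_to_exhaust(alphabet, length, guesses_per_second):
    """Worst-case time to try every string of this length, in years."""
    return alphabet ** length / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    per_day = guesses_evaluated(LoginThrottle(), "203.0.113.7", 86400)
    online = per_day / 86400  # guesses per second through the login form
    offline = 1e10            # assumed rate against a stolen, fast-hashed database
    print("guesses per day through the throttle:", per_day)
    print("8 chars, 95 symbols, online :", years_to_exhaust(95, 8, online))
    print("8 chars, 95 symbols, offline:", years_to_exhaust(95, 8, offline))
    print("17 lowercase letters, offline:", years_to_exhaust(26, 17, offline))
```

The exhaustive-search figures assume randomly chosen characters; a guessable word or well-known phrase falls to a wordlist long before the keyspace is exhausted.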
His diet consists of black
coffee, and sarcasm.
egregore
posted
 
Posts: 27834 | Location: Johnson City/Elizabethton, TN | Registered: April 28, 2012
Member
posted
A password at my job requires me to change it every 90 days... I just add an exclamation point to the end every time... I think I’m up to 20 or so now...

What pisses me off are the passwords that won’t let you use one of your last 50 passwords for something dumb like a spam gmail account.. so then I change my password to something else that inevitably I forget because it’s not one of the 3-4 passwords I use... I should definitely get a password keeper but then I’ll forget to save the passwords in that...
 
Posts: 1299 | Location: Arizona | Registered: January 31, 2014
Little ray
of sunshine
jhe888
posted
Their computer hacking insurance probably requires it. Why would you want the government involved?




The fish is mute, expressionless. The fish doesn't think because the fish knows everything.
 
Posts: 53118 | Location: Texas | Registered: February 10, 2004
His Royal Hiney
Rey HRH
posted
The guy who created the government document on password requirements admitted he was wrong.

The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time

Most companies still haven't changed based on the guy's realization.

I hate that on one site, I have to use special characters then on another site, no special characters allowed.

I worked for companies that required a new password every 90 days, I simply incremented the number that was part of my password.

I wouldn't log in too often on a site where they require me to change my password every so often. I think if you're stupid enough to use password123 as a password, you're asking for what you get.



"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
 
Posts: 19583 | Location: The Free State of Arizona - Ditat Deus | Registered: March 24, 2011