Stupid Password Requirements - Dendroboard
Dendroboard

Go Back   Dendroboard > Miscellaneous > Dendroboard.com Feedback, Help Desk & Questions
Register Blogs FAQ Calendar Mark Forums Read Advertise

Support Our Sponsors
No Threads to Display.

facebook

Like Tree10Likes
  • 1 Post By npaull
  • 1 Post By Source
  • 2 Post By Ed
  • 3 Post By npaull
  • 1 Post By TarantulaGuy
  • 1 Post By markpulawski
  • 1 Post By npaull

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-28-2016, 06:10 PM
TWI/ASN
 
Join Date: May 2005
Location: Seattle
Posts: 920
Thanks: 1
Thanked 23 Times in 15 Posts
Default Stupid Password Requirements

Why are we being required to have stupid things in our passwords, like symbols, capitals, and numbers?

It is very clear that the only important characteristic of a password is length. It drives me crazy when we're forced to have very difficult-to-remember passwords because of nonsense requirements to have symbols etc. We should just impose a length minimum and be done with it.

Can this be changed?
pdfCrazy likes this.
__________________
Problems are inevitable. Problems are soluble.
Reply With Quote
The Following User Says Thank You to npaull For This Useful Post:
pdfCrazy (06-30-2016)
Sponsored Links
Advertisement
 
  #2 (permalink)  
Old 06-28-2016, 06:48 PM
erikm's Avatar
Member
 
Join Date: Oct 2015
Location: Ontario, Canada
Posts: 434
Thanks: 17
Thanked 26 Times in 22 Posts
Default Re: Stupid Password Requirements

Length is the only important characteristic? Huh?

An all lower case, alphabetic password is EASILY crackable, regardless of length.

Having upper case, numbers and special characters exponentially increases the security of the password. It's also a pretty standard requirement nowadays.
__________________
Dendrobates.org | Rananova.ca
Reply With Quote
  #3 (permalink)  
Old 06-28-2016, 07:28 PM
Junior Member
 
Join Date: Dec 2015
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Stupid Password Requirements

Settle down now lol
waterbed fred likes this.
Reply With Quote
 
  #4 (permalink)  
Old 06-28-2016, 10:37 PM
Ed Ed is offline
Senior Member
 
Join Date: Sep 2004
Location: South Jersey
Posts: 19,301
Thanks: 321
Thanked 2,731 Times in 1,793 Posts
Default Re: Stupid Password Requirements

Quote:
Originally Posted by npaull View Post
Why are we being required to have stupid things in our passwords, like symbols, capitals, and numbers?
If you use some form of an algebraic expression you can easily create a password that includes all of the above items... for example

X^3+y-4=2Z (as a very simple example)... or consider

1/(x^-e^2)=(ln(Z))^6

some comments

Ed
Phyllobates and Judy S like this.
__________________
A phrase you never want to hear;
"It seemed like a good idea at the time."
Reply With Quote
  #5 (permalink)  
Old 06-29-2016, 03:47 PM
TWI/ASN
 
Join Date: May 2005
Location: Seattle
Posts: 920
Thanks: 1
Thanked 23 Times in 15 Posts
Default Re: Stupid Password Requirements

Quote:
Length is the only important characteristic? Huh?

An all lower case, alphabetic password is EASILY crackable, regardless of length.
This is just factually wrong.

A nice, simple example is captured in this xkcd cartoon (I acknowledge the shaky ground of referencing a cartoon, but the mathematics is easily verifiable from multiple other sources):

https://xkcd.com/936/

I repeat my claim: The requirements for passwords for the site are dated, misguided, and largely counterproductive, and therefore quite stupid.
moore40, TarantulaGuy and James O like this.
__________________
Problems are inevitable. Problems are soluble.
Reply With Quote
  #6 (permalink)  
Old 06-29-2016, 07:41 PM
TarantulaGuy's Avatar
Member
 
Join Date: Mar 2011
Location: Portland, Oregon
Posts: 584
Thanks: 37
Thanked 58 Times in 46 Posts
Default Re: Stupid Password Requirements

Quote:
Originally Posted by npaull View Post
This is just factually wrong.

A nice, simple example is captured in this xkcd cartoon (I acknowledge the shaky ground of referencing a cartoon, but the mathematics is easily verifiable from multiple other sources):

https://xkcd.com/936/

I repeat my claim: The requirements for passwords for the site are dated, misguided, and largely counterproductive, and therefore quite stupid.
I was going to post that comic too, you beat me to it 😃
moore40 likes this.
Reply With Quote
  #7 (permalink)  
Old 06-30-2016, 01:03 PM
Senior Member
 
Join Date: Nov 2004
Location: Sarasota, Florida
Posts: 3,933
Thanks: 43
Thanked 260 Times in 162 Posts
Default Re: Stupid Password Requirements

Quote:
Originally Posted by Ed View Post
If you use some form of an algebraic expression you can easily create a password that includes all of the above items... for example

X^3+y-4=2Z (as a very simple example)... or consider

1/(x^-e^2)=(ln(Z))^6

some comments

Ed
....that's just great Ed, now everyone knows my password
Ed likes this.
Reply With Quote
  #8 (permalink)  
Old 08-15-2017, 06:44 PM
TWI/ASN
 
Join Date: May 2005
Location: Seattle
Posts: 920
Thanks: 1
Thanked 23 Times in 15 Posts
Default Re: Stupid Password Requirements

So I feel increasingly vindicated about my earlier criticism of the password requirements for this site.

They are now objectively below industry standards. I recommend a change. See below:

https://www.passwordping.com/surpris...idelines-nist/
James O likes this.
__________________
Problems are inevitable. Problems are soluble.
Reply With Quote
  #9 (permalink)  
Old 08-27-2017, 06:10 PM
topher's Avatar
Member
 
Join Date: Oct 2013
Posts: 333
Thanks: 5
Thanked 7 Times in 7 Posts
Default Re: Stupid Password Requirements

Of all the things to so intensely complain about... Just make a password

Sent from my SM-G955U using Tapatalk
__________________
Frogs and Chameleons!
[email protected]
Reply With Quote
  #10 (permalink)  
Old 08-28-2017, 05:32 PM
Administrator
 
Join Date: May 2013
Posts: 378
Thanks: 7
Thanked 59 Times in 35 Posts
Default Re: Stupid Password Requirements

Hey there,

We'll be making some additional security features to our sites across our networks in next upcoming months to make them more secure. With this, we'll be able to loosen the password restrictions so it's not as complex anymore.

We thank you for your patience and understanding.


Cheers,
Natalie
Reply With Quote
  #11 (permalink)  
Old 09-10-2017, 07:50 PM
Ravage's Avatar
Member
 
Join Date: Feb 2016
Location: Bailey, CO
Posts: 451
Thanks: 30
Thanked 55 Times in 48 Posts
Default Re: Stupid Password Requirements

MarvelousKittenTrenchcoatEnhancement

100 strength:
Password Strength Checker
__________________
There's Bears in these here Woods. Wouldn't have it any other way.
Reply With Quote
  #12 (permalink)  
Old 09-11-2017, 07:48 PM
Administrator
 
Join Date: May 2013
Posts: 378
Thanks: 7
Thanked 59 Times in 35 Posts
Default Re: Stupid Password Requirements

Hey guys,

It's always helpful to have a password that's more of a phrase that you relate to. For example, I absolutely love breakfast. How can I make that into a password?

I<[email protected]$t!

Obviously you don't need to have as many symbols as I've used but I normally use some to replace the letters like a - @, s - $, E - 3 (it's like a curvy backward big e).

That's just an idea and hopefully one that will help you. Let us know if you need further assistance. Thank you for your patience and understanding.


Cheers,
Natalie
Reply With Quote
  #13 (permalink)  
Old 09-11-2017, 09:02 PM
S2G's Avatar
S2G S2G is offline
Member
 
Join Date: Jul 2016
Location: AL
Posts: 722
Thanks: 24
Thanked 56 Times in 52 Posts
Default Re: Stupid Password Requirements

That password is easily crackable which is what the OP is getting at. The article below is from 2012.

https://www.wired.com/2012/11/ff-mat...ssword-hacker/

DON’T
*Reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.

*Use a dictionary word as your password. If you must, then string several together into a pass phrase.

*Use standard number substitutions. Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built in.

*Use a short password—no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.

DO
*Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.

*Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”

*Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.

*Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name—like m****[email protected]—so it can’t be easily guessed.
Reply With Quote
  #14 (permalink)  
Old 09-12-2017, 03:36 PM
siteadmin's Avatar
Administrator
 
Join Date: May 2013
Posts: 248
Thanks: 9
Thanked 13 Times in 13 Posts
Default Re: Stupid Password Requirements

I'm a big supporter of pass"phrases" rather then pass"words". I've heard (and I find it to be true) that my brain remembers a phase a hell of a lot better then just a single word.

Example: 1Toad&2Frogs

No substitutions of characters, just a phrase that incorporates the whole keyboard.

As Natalie said, we're hoping to lessen the requirements on passwords in the near future. For now, this is what we have to deal with till that change is approved.

Kevin
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
TWI password Arrynia Dendroboard.com Feedback, Help Desk & Questions 2 04-09-2010 01:44 AM
Stupid, stupid question regarding sleep raptorslovepuns Beginner Discussion 4 09-15-2007 04:14 AM

Powered by vBadvanced CMPS v3.2.3

All times are GMT. The time now is 05:20 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.