halfbakery: Where life imitates science.
"A secure password includes punctuation marks and numbers, mixes uppercase and lowercase letters, does not contain any meaningful words, and is as many characters long as possible."
Yeah, bollocks to that. Who is going to remember that random garbage? This sort of requirement practically forces users
into bad security practices.
Especially at work, this security guff gets in the way of people doing their jobs, so working around the system becomes second nature.
No. Instead we should worry about other risks, such as users sharing their passwords.
"A secure password includes punctuation, numbers, uppercase and lowercase letters, and at least one expletive."
This closes off the entire avenue of social engineering attacks for a large proportion of the population, and significantly reduces it for much of the rest.
For example, you can tell people that no representative will ever ask for their password, but they'll still give it away in an unguarded moment. But they may think twice if it's obscene.
http://xkcd.com/936/
This is not actually secure. [MechE, Sep 29 2014]
: ]
http://www.dailymot...-comic-standing_fun From 1:00 on [2 fries shy of a happy meal, Sep 29 2014]

I would suggest an embarrassing secret is going to be much
more secure than profanity.

This idea is ecumenical in that respect. It just has to be something you wouldn't say to other people.

In 1985, my first password was my fetish on the grounds that if I
trusted anyone enough to get them to know what it was, I would trust
them enough for them to know my password. [+].

Baked by Ian Watkins (sex offender / Lostprophets singer)
whose laptop password was along the lines of "Ifuckkidz"

I wouldn't say any of my passwords to other people, as most
of them don't make sense. I use a password formula that any
hacker could probably figure out, and yes, my facebook
password has a-s-s in it...

I had a lecture by some forensic investigators. They
spent hours trying to crack a laptop password with
various software devices. Out of frustration they tried
"fuck" and it ended up working.

//out of frustration they tried "fuck" and it ended up
working//

Presumably their frustration was based upon their own
inability to do the sort of basic forensic work that could
easily be accomplished by a moderately smart 14yo with
access to google?

// It just has to be something you wouldn't say to other people.

What, like "Hey NMRM, that's a great idea, have a bun".

Nice idea. Sort of like making your password an implicit threat such as itrackandkillhackers4fun

If I'm forced to follow stupid overly-restrictive password
rules, I will make the password a swear-filled rant about
those rules.

Incidentally, it occurred to me that if your password was something like "Fuck you, pigs" then it would be satisfying to write on the form when you're served under a key disclosure law.

I work on systems which don't allow me to set my own password. Instead, periodically I will be told that my password needs to be changed and, when this happens, I am given a choice of three nonsense words, randomly generated with rules to ensure they are (just) pronounceable. I always choose the one that sounds rudest.

Ho hum, 10 x 10 word grid, you make a sentence, you get the password that corresponds to the sentence you just made, from the pre-generated 10 billion passwords, each password is 15 plus random chars. You don't have to remember the password, just the sentence.

I got bored and made that, but no one was interested, so gave up.
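
The 10 x 10 grid scheme from the last two annotations, sketched as an added example (not the annotator's code): a 10-word sentence picks one of 10^10 indices, and a 16-character password is derived from that index. Assumptions: the grid words, the function names and the per-user secret seed are constructed here, and PBKDF2 derivation stands in for the pre-generated table the annotation mentions.

```python
import hashlib
import math
import string

# Constructed grid (assumption): COLUMNS[i] lists the ten words allowed at position i.
COLUMNS = [c.split() for c in (
    "my your his her our their one that this some",
    "angry sleepy purple tiny giant rusty shiny noisy quiet clever",
    "badger walrus toaster wizard plumber parrot robot piano cactus llama",
    "never always rarely often sometimes barely nearly really almost simply",
    "eats paints hides sells borrows juggles polishes counts chases forgets",
    "nine seven four eleven forty sixty thirty twenty fifty eighty",
    "green frozen wooden salty broken golden hollow fuzzy crooked sticky",
    "pickles ladders buttons candles marbles pencils sandals teapots anchors kettles",
    "behind under beside above inside around near past beyond through",
    "Norway Tuesday midnight breakfast Jupiter winter church traffic school harbour",
)]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def sentence_index(sentence):
    """Map a 10-word sentence to an integer in [0, 10**10), one digit per column."""
    words = sentence.split()
    if len(words) != len(COLUMNS):
        raise ValueError("sentence must have exactly %d words" % len(COLUMNS))
    index = 0
    for column, word in zip(COLUMNS, words):
        if word not in column:
            raise ValueError("word %r is not in its column" % word)
        index = index * 10 + column.index(word)
    return index


def derive_password(sentence, seed, length=16, iterations=100_000):
    """Derive the password for a sentence; seed is a secret salt (assumption)."""
    material = hashlib.pbkdf2_hmac(
        "sha256", str(sentence_index(sentence)).encode(), seed, iterations)
    number = int.from_bytes(material, "big")
    chars = []
    for _ in range(length):  # base-94 digits of the 256-bit output
        number, digit = divmod(number, len(ALPHABET))
        chars.append(ALPHABET[digit])
    return "".join(chars)


def sentence_entropy_bits():
    """Upper bound on guessing entropy: log2 of the number of possible sentences."""
    return math.log2(math.prod(len(c) for c in COLUMNS))
```

Anyone who knows the grid and the seed only has to search the 10^10 sentences (about 33 bits), so the password is no harder to guess than the sentence, however long and random it looks.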