From: Mike Schilling on 28 Sep 2009 17:44

Dave Searles wrote:
>
> I still think the surest bet is to avoid using dictionary-attackable
> passwords. :)

Absolutely, which is why many environments require passwords to contain both letters and numbers.

From: Tom Anderson on 28 Sep 2009 18:06

On Mon, 28 Sep 2009, Mike Schilling wrote:

> Dave Searles wrote:
>
>> I still think the surest bet is to avoid using dictionary-attackable
>> passwords. :)
>
> Absolutely, which is why many environments require passwords to contain
> both letters and numbers.

Which is absolutely not a good defence. "pa55w0rd" and "password1", which are the kind of thing this rule usually engenders, are not a lot more difficult to guess than "password" - it's a small constant-factor increase in the amount of work a password cracker has to do.

What would really make a difference is expanding password boxes to 200 characters (FSVO '200'), and telling people to use whole phrases. "I used to use weensy passwords but now use humongous ones" is going to take a very long time to guess.

tom

--
I am the best at what i do.

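The point made in the post above, as an added example that is not part of the original thread: a check a password form could run to see that the "letters and numbers" rule accepts disguised dictionary words while rejecting the long phrase. The wordlist, the substitution table and all function names are assumptions made up for this illustration.

```python
import math

# Constructed sample wordlist; a real check would load a large common-password list.
WORDLIST = {"password", "letmein", "dragon", "monkey"}

# Assumed table of common symbol-for-letter substitutions.
LEET_MAP = {"0": "o", "1": "l", "3": "e", "4": "a", "@": "a",
            "5": "s", "$": "s", "7": "t"}
LEET = str.maketrans(LEET_MAP)

def meets_composition_rule(pw):
    """The 'both letters and numbers' rule discussed in the thread."""
    return any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)

def dictionary_root(pw):
    """Return the wordlist entry that pw reduces to, or None."""
    lowered = pw.lower()
    stripped = lowered.rstrip("0123456789")  # drop trailing digits
    for cand in (lowered, stripped,
                 lowered.translate(LEET), stripped.translate(LEET)):
        if cand in WORDLIST:
            return cand
    return None

def variant_count(word, suffixes=11):
    """Mangled spellings of one word under LEET_MAP, with no or one trailing digit."""
    per_letter = {}
    for letter in LEET_MAP.values():
        per_letter[letter] = per_letter.get(letter, 0) + 1
    n = suffixes  # 11 = no suffix, or one of the digits 0-9
    for ch in word:
        n *= 1 + per_letter.get(ch, 0)  # the letter itself plus its substitutes
    return n

if __name__ == "__main__":
    phrase = "I used to use weensy passwords but now use humongous ones"
    for pw in ("password", "pa55w0rd", "password1", phrase):
        print(f"{pw!r}: rule={meets_composition_rule(pw)} "
              f"root={dictionary_root(pw)}")
    n = variant_count("password")
    print(f"variants of 'password': {n} (about {math.log2(n):.1f} bits)")
```

Under this table the rule multiplies the guesses per dictionary word by a few hundred, while the phrase from the post fails the rule despite matching no wordlist entry.
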
From: Mike Schilling on 28 Sep 2009 18:44

Tom Anderson wrote:
> On Mon, 28 Sep 2009, Mike Schilling wrote:
>
>> Dave Searles wrote:
>>
>>> I still think the surest bet is to avoid using dictionary-attackable
>>> passwords. :)
>>
>> Absolutely, which is why many environments require passwords to
>> contain both letters and numbers.
>
> Which is absolutely not a good defence. "pa55w0rd" and "password1",
> which are the kind of thing this rule usually engenders, are not a
> lot more difficult to guess than "password" - it's a small
> constant-factor increase in the amount of work a password cracker has
> to do.
> What would really make a difference is expanding password boxes to 200
> characters (FSVO '200'), and telling people to use whole phrases. "I
> used to use weensy passwords but now use humongous ones" is going to
> take a very long time to guess.

At which point people will, in self-defense, put their plaintext passwords into disk files, so that they can cut and paste them.

From: Kenneth P. Turvey on 29 Sep 2009 04:01

On Mon, 28 Sep 2009 15:44:26 -0700, Mike Schilling wrote:

> Tom Anderson wrote:
>> On Mon, 28 Sep 2009, Mike Schilling wrote:
>>
>>> Dave Searles wrote:
>>>
>>>> I still think the surest bet is to avoid using dictionary-attackable
>>>> passwords. :)
>>>
>>> Absolutely, which is why many environments require passwords to
>>> contain both letters and numbers.
>>
>> Which is absolutely not a good defence. "pa55w0rd" and "password1",
>> which are the kind of thing this rule usually engenders, are not a lot
>> more difficult to guess than "password" - it's a small constant-factor
>> increase in the amount of work a password cracker has to do.
>> What would really make a difference is expanding password boxes to 200
>> characters (FSVO '200'), and telling people to use whole phrases. "I
>> used to use weensy passwords but now use humongous ones" is going to
>> take a very long time to guess.
>
> At which point people will, in self-defense, put their plaintext
> passwords into disk files, so that they can cut and paste them.

For web based apps I don't know why using personal certificates never caught on. If a browser vendor made it easy to generate the certificates, then we wouldn't need all this password stuff.

--
Kenneth P. Turvey <evoturvey(a)gmail.com>

From: Lothar Kimmeringer on 29 Sep 2009 04:26

Kenneth P. Turvey wrote:

> For web based apps I don't know why using personal certificates never
> caught on. If a browser vendor made it easy to generate the
> certificates, then we wouldn't need all this password stuff.

In a One Man One PC world this is practicable but as soon as you work with more than one PC - let alone smartphones - you try that once and never again if the service in question is of minor importance.

Regards, Lothar

--
Lothar Kimmeringer E-Mail: spamfang(a)kimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong questions!