[QUOTE=NixNax123;48671832]"this password must contain a horizontal tab character"[/QUOTE]
"But cannot contain spaces or "#,@,&,(,),or ?"
Why can't passwords have spaces or certain symbols?
[QUOTE=TheWhiteFox1;48671770]passwords that have like 5 requisites are the fuckin worst.[/QUOTE]
If it didn't get me fired, I'd show a screenshot of Best Buy's internal password requirements. There's thirteen. THIRTEEN.
[QUOTE=wickedplayer494;48669221]Sites that set a maximum length on passwords ([I]cough[/I] Microsoft) are absolutely fucking stupid.[/QUOTE]
It's likely a storage issue.. If a site is going to have a million users they would probably prefer to keep from having to store passwords of length 30 * 1,000,000 when they could easily limit it to 8 * 1,000,000.
The video is funny but there are very good reasons for password security on these sites. As far as password "strength" goes, it's determined on the basis of computational difficulty and how long it would take someone to calculate and crack that password if they were using like 10 high power GPUs or something lol. It's in the sites' interest to make sure their users aren't hacked because of their bad passwords because oftentimes users are trusted with capabilities that can hurt the site if a user is compromised. It's kind of like herd immunity in vaccinations, you can say "oh well who cares if I get sick" but in reality you're putting others at risk. Your account could be hacked and then used to trick other users that trust you, or could be used to remove or edit data other users rely on, or even replace a file users will be downloading with something malicious that is trusted based on your account reputation. Password requirements are a bit annoying but in reality they really are a very important part of web security as a whole, your password affects more people than just yourself.
[QUOTE=mralexs;48672034]"But cannot contain spaces or "#,@,&,(,),or ?"
Why can't passwords have spaces or certain symbols?[/QUOTE]
Maybe something to do with how it's handled when being stored (ie. wrecking a database) or limitations to the encryption method? I don't know. I'm sure someone will pop in who actually knows something about it.
snip
[QUOTE=wickedplayer494;48669221]Sites that set a maximum length on passwords ([I]cough[/I] Microsoft) are absolutely fucking stupid.[/QUOTE]
max password length is just to decrease space used on security. It's pretty fucked.
why shouldn't I be allowed to have a 50 digit high ascii password for EVERY site I use?
[QUOTE=mralexs;48672034]"But cannot contain spaces or "#,@,&,(,),or ?"
Why can't passwords have spaces or certain symbols?[/QUOTE]
Because those websites are using poorly written databases. You can't put in a ")" or the entire table shits itself, that's usually the reason.
worst offender: YAHOO. If you forget your yahoo password and want to reset it, you [B]can't use any word from any previous passwords.[/B] Not just "you can't reuse the same password twice", it's "you used that one word in a password 3 passwords ago, this will not fly". Like, I literally reset my password every time I log into my flickr or yahoo mail, which text messages me a code which I enter then I can reset, and I just slam my keyboard a few times, and log in. It's fucking STUPID.
The worst password system was the one for GFWL. I had to change my password, so I went in Firefox and changed it on the MSN site. I used Lastpass to generate a password with symbols and everything. It accepted it, and allowed me to continue. So I went to log in to the game, and it wouldn't accept the password. After tons of trial and error I realized that the browser allowed you to use special characters, but the in-game login prompt would not.
[QUOTE=SGTNAPALM;48672582]The worst password system was the one for GFWL. I had to change my password, so I went in Firefox and changed it on the MSN site. I used Lastpass to generate a password with symbols and everything. It accepted it, and allowed me to continue. So I went to log in to the game, and it wouldn't accept the password. After tons of trial and error I realized that the browser allowed you to use special characters, but the in-game login prompt would not.[/QUOTE]
I once registered at a small forum with such exotic characters in a password their database crashed.
Also, fuck UPlay, once my password just stopped working all of a sudden but I could still login on the uplay/ubisoft website.
The fault? After a fuck-ton of password changes and clueless support, I figured the UPlay client couldn't handle the full length of the password that was allowed. :suicide:
[QUOTE=Wunce;48670314]What you are trying to say is right but your enumeration looks iffy.
I'll try to give a better example:
8 char password with only letters:
26^8 = 208827064576 ~ 2.0x10^11
8 char password with letters and numbers:
36^8 = 2821109907456
8 char password with at least one number:
passwords with both - passwords with only letters = 2821109907456 - 208827064576 = 2612282842880 ~ 2.6x10^12
This seems to suggest that adding an extra letter (so having a password of length 9) is quite a bit better than including a number.[/QUOTE]
Of course it is.
What I'm trying to say is that in theory it looks like forcing a number looks like it narrows the possibilities down but in reality and actual application people use simple words and forcing them to use a number makes the passwords safer.
As I wanted to demonstrate with the most basic example.
As people often just add the number to the end(as demonstrated in the OP video)
"letter" : 26 possibilities
"letter + number": 26 *10 possibilities( forgot about the 0 up there lol)
The "narrowing down" illusion lies in the fact that the form of "only a letter" is not included in the second set.
Of course the calculation is wrong if you suppose that people just use "1" instead of "l" or any of that stuff but that is rarely happening.
The reason why the rules say "extra number" instead of "extra letter" is that else people tend just to use words and those are easily broken by dictionary attacks.
The student finance website for the UK is hilarious. You're not allowed capital letters, numbers or symbols and there is a maximum length.
[QUOTE=Marik Bentusi;48669401]Yeah, passwords are kind of becoming a hassle. Not really trusting password managers; I usually don't hear about those getting cracked open, but if it ever happens, the fallout could be ridiculous. The safest route would probably having an IRL paper with unique passwords, but I can't be bothered with that.[/QUOTE]
Then you lose the paper, or someone finds it. Password managers really are your best option, trust strong encryption.
Fun Fact: In the US by writing down your password, you may have invalidated your 5th amendment to the relevant encrypted/locked password. [URL="http://www.uclalawreview.org/the-fifth-amendment-encryption-and-the-forgotten-state-interest/"]Src[/URL]
[QUOTE=srobins;48672197]It's likely a storage issue.. If a site is going to have a million users they would probably prefer to keep from having to store passwords of length 30 * 1,000,000 when they could easily limit it to 8 * 1,000,000.
[/QUOTE]
Nope.
If the site is any good then your password will be encrypted. This encryption process converts your password, no matter what it is, into a pair of typically 40 character strings, known as the hash and the salt.
Doesn't matter if your password is 3 characters or a hundred, it'll be stored as this pair of 40 character encrypted strings.
(Note the Adobe password leak revealed they did NOT use hashed salted passwords, so just because a name is big does not mean they're doing it right)
Now password requirements stopped pissing me off since I switched to using keepass (If you don't trust an online manager then keepass is a great alternative, everything's done on your own computer)
but I have a new beef with password security:
Password reminders/secret questions.
A password hint or secret question/answer is basically just a different password for entry. If your hint is your password, you may as well not have a password. If anyone could guess your password from your hint, you may as well not have a password.
But secret questions are worse - especially as you generally don't get the option of what question you want to be asked, except picking from a list of pre-defined questions!
So here's a common one - eBay does this. You have to select 3 secret questions, with the usual:
What was the name of your first school?
What was your mother's Maiden Name?
Where were you born?
and so on.
But these are the days of social media - THE ANSWERS TO THESE QUESTIONS ARE PROBABLY ON YOUR FACEBOOK PROFILE.
So to secure this method of entry you have to essentially password these answers too. You'll most likely never remember what you put, but at least no one will be able to get in that way.
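The storage point made in the post above, as an added example that is not part of the thread: a salted password hash produces a record of the same size whatever the password's length or character set, and only hex digits ever reach the database. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in; the iteration count, the `salt$digest` record format and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 100_000  # assumed work factor for this sketch
SALT_BYTES = 16       # random per-password salt


def _derive(password: str, salt: bytes) -> bytes:
    # Normalize Unicode so the same typed password always maps to the same
    # bytes, then hash the bytes. Spaces and symbols are just input here.
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)


def make_record(password: str) -> str:
    """Return 'salt$digest' in hex; this string is what gets stored."""
    salt = os.urandom(SALT_BYTES)
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample passwords: short, long, with the characters the thread
# says some sites reject, and the non-ASCII one quoted in the thread.
SAMPLES = [
    "abc",
    "x" * 100,
    "pass word #@&()?",
    'has ) and "quotes"',
    "Ůúůúůúůúůú1",
]


def record_lengths() -> set:
    """Lengths of the stored records for every sample password."""
    return {len(make_record(p)) for p in SAMPLES}


if __name__ == "__main__":
    for p in SAMPLES:
        print(len(p), "chars ->", len(make_record(p)), "chars stored")
```
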
why is his mouth so long
I was expecting him to talk about websites that generate a password and give it to you instead of letting you create your own password.
These are the worst. You KNOW you're eventually going to lose and forget the said passwords.
HItlerdIdn()thingwrong4_ - my old almost unbreakable PW.
What's the song in the beginning?
Nvm found it, it's Indian Michael Jackson
[QUOTE=notlabbet;48672571]worst offender: YAHOO. If you forget your yahoo password and want to reset it, you [B]can't use any word from any previous passwords.[/B] Not just "you can't reuse the same password twice", it's "you used that one word in a password 3 passwords ago, this will not fly". Like, I literally reset my password every time I log into my flickr or yahoo mail, which text messages me a code which I enter then I can reset, and I just slam my keyboard a few times, and log in. It's fucking STUPID.[/QUOTE]
Wait
What?
How would that even be possible?
They can know if you're using the same password by checking the digests, but how would they know what words you used in it?
apple passwords are the most infuriating thing
you have to have a certain amount of characters, lowercase, uppercase, numbers, and special characters in order for it to be accepted
Ůúůúůúůúůú1 no one is ever gonna guess my password
I had the same password problem with my old neopets account.
What's so funny? i lost my bruce penguin :(
[QUOTE=Killuah;48673202]Of course it is.
What I'm trying to say is that in theory it looks like forcing a number looks like it narrows the possibilities down but in reality and actual application people use simple words and forcing them to use a number makes the passwords safer.
As I wanted to demonstrate with the most basic example.
As people often just add the number to the end(as demonstrated in the OP video)
"letter" : 26 possibilities
"letter + number": 26 *10 possibilities( forgot about the 0 up there lol)
The "narrowing down" illusion lies in the fact that the form of "only a letter" is not included in the second set.
Of course the calculation is wrong if you suppose that people just use "1" instead of "l" or any of that stuff but that is rarely happening.
The reason why the rules say "extra number" instead of "extra letter" is that else people tend just to use words and those are easily broken by dictionary attacks.[/QUOTE]
But again, you're excluding the fact that a single-character password can contain both letters AND numbers/symbols/etc. You're skewing your results by limiting the single-character section to only letters and then letting the 2-character password be letters and numbers.
[QUOTE=AncientFryup;48673245]The student finance website for the UK is hilarious. You're not allowed capital letters, numbers or symbols and there is a maximum length.[/QUOTE]
logging into that fucking website is such a huge pain in the dick
Easiest way for me to create a password:
- Make a fake name. Something a bit long like Viktor Molotov. Assign a call sign for the name, like Sapper or something (because he is a Russian who uses molotovs)
- Now replace the spacebar with _ (for special character rule) and add 3 numbers of your choosing. Usually it's the birthday, or 420, or whatever.
- Bam. Now you have a password that fits almost every requirement, and is relatively easy to remember - Viktor_Molotov420 aka Sapper. maybe do it like the CoD kids and add xXx or something if there's no char limit.
[QUOTE=subenji99;48673443]Nope.
If the site is any good then your password will be encrypted. This encryption process converts your password, no matter what it is, into a pair of typically 40 character strings, known as the hash and the salt.
Doesn't matter if your password is 3 characters or a hundred, it'll be stored as this pair of 40 character encrypted strings.
(Note the Adobe password leak revealed they did NOT use hashed salted passwords, so just because a name is big does not mean they're doing it right)
Now password requirements stopped pissing me off since I switched to using keepass (If you don't trust an online manager then keepass is a great alternative, everything's done on your own computer)
but I have a new beef with password security:
Password reminders/secret questions.
A password hint or secret question/answer is basically just a different password for entry. If your hint is your password, you may as well not have a password. If anyone could guess your password from your hint, you may as well not have a password.
But secret questions are worse - especially as you generally don't get the option of what question you want to be asked, except picking from a list of pre-defined questions!
So here's a common one - eBay does this. You have to select 3 secret questions, with the usual:
What was the name of your first school?
What was your mother's Maiden Name?
Where were you born?
and so on.
But these are the days of social media - THE ANSWERS TO THESE QUESTIONS ARE PROBABLY ON YOUR FACEBOOK PROFILE.
So to secure this method of entry you have to essentially password these answers too. You'll most likely never remember what you put, but at least no one will be able to get in that way.[/QUOTE]
lol I don't know how I missed this, feel like an idiot.. I'm very familiar with hash and salt just not sure how the two concepts completely eluded me during that post, for shame..
[QUOTE=notlabbet;48672571]worst offender: YAHOO. If you forget your yahoo password and want to reset it, you [B]can't use any word from any previous passwords.[/B] Not just "you can't reuse the same password twice", it's "you used that one word in a password 3 passwords ago, this will not fly". Like, I literally reset my password every time I log into my flickr or yahoo mail, which text messages me a code which I enter then I can reset, and I just slam my keyboard a few times, and log in. It's fucking STUPID.[/QUOTE]
what's even worse is that they have a really shit "Recent account activity" list so if your account is hacked you're basically shit out of luck
Fucking apple ID
i literally have to reset it every fucking time because it doesn't let me use a password i've had in the last year, like what the fuck
[QUOTE=notlabbet;48672571]worst offender: YAHOO. If you forget your yahoo password and want to reset it, you [B]can't use any word from any previous passwords.[/B] Not just "you can't reuse the same password twice", it's "you used that one word in a password 3 passwords ago, this will not fly". Like, I literally reset my password every time I log into my flickr or yahoo mail, which text messages me a code which I enter then I can reset, and I just slam my keyboard a few times, and log in. It's fucking STUPID.[/QUOTE]
makes me concerned they are saving parts of your passwords for that long