The new password craze...

May 16, 2000
13,522
0
0
is completely out of hand.

I mean, it's always been ridiculous: change it every few months, 8+ characters, letters and numbers, etc... but now it's just STUPID. Was just made to update my account for commenting on a blog (not transferring millions of dollars, and not passing nuclear launch codes) and it required 20 characters exactly, or upper, lower, number, and special characters 8 or more long.

I promptly deleted my entire account, as I did with NCSoft, previous jobs, and every other place that makes such ludicrous requirements.

NEWSFLASH: YOUR PASSWORDS DO NOT FUCKING MATTER IN THE LEAST!!!

Anyone with half a brain can hack your accounts no matter what you do. Having a password at all is about as useful as putting the loaded gun on the top shelf instead of leaving it on the coffee table. So KNOCK IT OFF people!

/rant
 
May 16, 2000
13,522
0
0
Just make it your full name then 1-2-3-4 and such after. ;)

It wouldn't matter. Three months from now the requirement will be 50 characters, in 7 different languages, plus a DNA strand. There is no force in the universe greater than collective stupidity.
 

Red Squirrel

No Lifer
May 24, 2003
70,573
13,804
126
www.anyf.ca
I hate ridiculous requirements too. Complexity and length requirements, I can understand. Requirements of having multiple passwords, and having them all expire at different times, ridiculous.

Companies should issue ONE password, and have that work for everything. For extra security make it an RSA token, I don't care, but companies have to stop with all these separate passwords.

Also having them expire is 100% useless. If by chance somebody is brute forcing your password, when you go to change it, what's to say the one you pick has not been tried yet?

There's one system where I work that's ridiculous, here's how it goes:

1. Log in using your RSA token to a web interface
2. Open a link, pray that it actually works, because half the time it does not.
3. Enter your 1st set of credentials, this logs you into an RDP server
4. On the RDP server, open an "init" app, enter your 2nd set of credentials
5. A console opens, enter your RSA username, and your 3rd set of credentials
6. Enter RSA password again

That authenticates you to log in to the switches. Some of the switches prompt for another password.

All these passwords are just ridiculous. It's better to have one very secure password that works for everything and never changes, than to have all these other passwords that change all the time, because people are more likely to write them down somewhere anyway.

IMO the best thing is two factor authentication, that works for everything.

Also ANY password, even if it uses two factor authentication, is completely useless without brute force protection measures. It's not a question of if someone will get in but a question of when.
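One form the brute force protection mentioned in the post above can take, as an added example that is not part of the original thread: per-account exponential backoff, plus a simulation of how many guesses a client gets in a day when it retries the instant each delay ends. The class name, the thresholds (5 free attempts, 1 s base delay, 15 min cap) and the five-digit keyspace are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Per-account exponential backoff on consecutive failed logins."""

    def __init__(self, free_attempts=5, base_delay=1.0, max_delay=900.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts   # failures tolerated with no delay
        self.base_delay = base_delay         # seconds, doubled per extra failure
        self.max_delay = max_delay           # cap so a real user is never locked out forever
        self.clock = clock
        self._state = {}                     # account -> (failures, locked_until)

    def retry_after(self, account):
        """Seconds the caller must wait before the next attempt is accepted."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, account):
        """Count one failed login and return the delay now imposed."""
        failures = self._state.get(account, (0, 0.0))[0] + 1
        extra = failures - self.free_attempts
        delay = min(self.max_delay, self.base_delay * 2 ** (extra - 1)) if extra > 0 else 0.0
        self._state[account] = (failures, self.clock() + delay)
        return delay

    def record_success(self, account):
        self._state.pop(account, None)       # a good login clears the counter


def guesses_allowed(window_seconds, **throttle_args):
    """Count guesses one account accepts from a client retrying as soon as each delay ends."""
    now = [0.0]                              # simulated clock, in seconds
    throttle = LoginThrottle(clock=lambda: now[0], **throttle_args)
    guesses = 0
    while True:
        now[0] += throttle.retry_after("victim")
        if now[0] >= window_seconds:
            return guesses
        throttle.record_failure("victim")
        guesses += 1


if __name__ == "__main__":
    per_day = guesses_allowed(24 * 3600)
    keyspace = 10 ** 5                       # constructed example: five-digit numeric code
    print(f"{per_day} guesses/day, {per_day / keyspace:.2%} of {keyspace} codes")
```

The throttle is keyed per account, so it limits guessing against one account; guessing spread across many accounts needs a separate per-source limit.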
 
May 16, 2000
13,522
0
0
I hate ridiculous requirements too. Complexity and length requirements, I can understand. Requirements of having multiple passwords, and having them all expire at different times, ridiculous.

Companies should issue ONE password, and have that work for everything. For extra security make it an RSA token, I don't care, but companies have to stop with all these separate passwords.

Also having them expire is 100% useless. If by chance somebody is brute forcing your password, when you go to change it, what's to say the one you pick has not been tried yet?

There's one system where I work that's ridiculous, here's how it goes:

1. Log in using your RSA token to a web interface
2. Open a link, pray that it actually works, because half the time it does not.
3. Enter your 1st set of credentials, this logs you into an RDP server
4. On the RDP server, open an "init" app, enter your 2nd set of credentials
5. A console opens, enter your RSA username, and your 3rd set of credentials
6. Enter RSA password again

That authenticates you to log in to the switches. Some of the switches prompt for another password.

All these passwords are just ridiculous. It's better to have one very secure password that works for everything and never changes, than to have all these other passwords that change all the time, because people are more likely to write them down somewhere anyway.

IMO the best thing is two factor authentication, that works for everything.

Or, here's a nifty idea: don't put sensitive information on the same network as things with public access. Doesn't work for everything of course (like online services), but a lot of times I look at a company's network layouts and think "Holy shit! We are all completely screwed, why even try?".
 

Newbian

Lifer
Aug 24, 2008
24,779
882
126
I miss being able to post links to log out of the forums, and it was fun using it hidden under other text, but sadly the mods got tired of resetting people's passwords because they forget them. :p
 

phucheneh

Diamond Member
Jun 30, 2012
7,306
5
0
Best passwords for me are random letter combinations and a random number or three.

The trick is using the same combos, but not coming up with anything that would be a wordlist for a cracker. E.g. I bet QWERTYUIOP123 can and will be guessed if somebody wants to.

However, as mentioned, all you have to do is be not silly enough to use something that has a high likelihood of being guessable.
 

VulgarDisplay

Diamond Member
Apr 3, 2009
6,188
2
76
The point of a password is to deter the average idiot who thinks he's a hacker. That's the person more likely to go after your stuff.
 

LevelSea

Senior member
Jan 29, 2013
942
53
91
password_strength.png
 

Pray To Jesus

Diamond Member
Mar 14, 2011
3,622
0
0
Y6OSe9y2W5T8JvKnlee&AuV8t5GD$gnH%eA%m*5gQkSn1cTheY*LibcLoVy22*ZGa@0t*0FR2@!i0ttWgKIxhDndEFLsw3vV5XD
 

WelshBloke

Lifer
Jan 12, 2005
33,108
11,287
136
The ironic thing is that it's only trivial things that make me have ridiculous passwords, my online banking password is a 5 character numeric code.
 
May 16, 2000
13,522
0
0
The point of a password is to deter the average idiot who thinks he's a hacker. That's the person more likely to go after your stuff.

Yep, hence the putting the gun on the top shelf analogy. However, any 7 or 8 character password, especially if it has an extra number or character, is going to cut that low tier free. At the point they can get past that they can get past anything short of requirements so arduous they defeat any benefit of computing in the first place. Especially with the availability of dc for brute force crunching.

Most importantly let's keep the key element in mind: this was for a random blog comment, not ANYTHING with any value whatsoever. The only reason to even have a password to such a thing is to prevent someone posting something under your id that would get you banned or investigated by police.

What's more, regardless of what you do for your own password, the network upon which it is utilized is a weak point you can't control. Eventually, as a hacker, you stop cracking individual accounts and instead just expose the host server and take everything at once.