I came on here just to post the latest xkcd link: xkcd: Password Strength
I wonder if this method would work with many of the password restriction schemes in place out there.
I can assure you it would not. I use that system combined with random words that produce a wild phrase. I end up with passwords like frog-Orgy-Adventure-Gun.
Some sites place limits on password length. This is terrifying to me. It says they don’t use a one-way hash encryption to store passwords. This is a sign of grave incompetence in the security world. It means the passwords are being stored in a readable format, instead of a hash. Storing a hash means you can verify a password by hashing it without having to know the password, just its hash. If a system is compromised, a table of hashes is a lot more trouble to do anything with than a table of passwords.
Further, some retards disallow special characters. If you’re immediately hashing it, then special characters are irrelevant. If you’re not hashing them, then you should quit your job, and take up prostituting yourself for drugs.
Also it doesn’t contain a number. Makes me want to beat the idiot incompetent jackass who programmed the server to a bloody pulp. As if a 1 at the end would help things much.
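An added example, not part of the original post: a sketch of the hash-on-receipt storage the post above describes, using scrypt from Python's standard library. It shows that the stored record has the same size whatever the password's length or character set, and that verification needs only the record. The cost parameters and the last two sample passwords are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them for real hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN, HASH_LEN = 16, 32


def _scrypt(password: str, salt: bytes) -> bytes:
    # The password is encoded to bytes first, so any character is acceptable input.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_LEN)


def hash_password(password: str) -> bytes:
    """Return salt || digest. The password itself is never stored."""
    salt = os.urandom(SALT_LEN)  # per-user random salt
    return salt + _scrypt(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_scrypt(password, salt), stored)


def record_sizes() -> dict:
    """Map each sample password's length to the size of its stored record."""
    samples = [
        "frog-Orgy-Adventure-Gun",   # passphrase quoted in the thread
        "Proto-Babylonian?",         # quoted in the thread
        "pässwörd ';-- <>{}\\",      # constructed: Unicode and "special" characters
        "x" * 500,                   # constructed: far past typical length limits
    ]
    return {len(p): len(hash_password(p)) for p in samples}


if __name__ == "__main__":
    for pw_len, rec_len in record_sizes().items():
        print(f"password of {pw_len:3d} chars -> {rec_len}-byte record")
```

A server that does this has no storage reason to cap length at a few dozen characters or to reject punctuation; any upper bound it sets only needs to limit hashing cost per request.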
I note that that joke set of password restrictions doesn’t have any restrictions on grawlixes, aside from the “adjacent on the keyboard” one. So that right there would open up a lot more valid passwords.
The bigger problem with those is that they’re always the exact same things they tell you not to use for your password. Don’t make your password your pet’s name, because that’s easy for an attacker to find out. Instead, make them click “Forgot my password”, and enter your easily-researched pet’s name there.
Coincidentally, my go-to password is “Proto-Babylonian?”.
I hate the sites that feed you the rules one at a time, and, each time they kick you back, you have to re-enter half the fields on the page…
“You need at least one capitalized letter…”
“… and a number…”
“… you also have to have at least one special character…”
“… and a pony.”
On the other end of the scale, I’m amused by websites that require me to change my password every time I go there because they can’t remember it, so I “change” it to exactly what it was in the first place, and we’re good.
BOFH was my hero!!