Can we get rid of the silly requirements for passwords?
Moderator: ItL Moderators
- Reynard-Miri
- Manticor
- Posts: 3190
- Joined: Tue Jul 10, 2012 5:09 am
- Archaic Sage
- ItL Webmaster
- Posts: 1323
- Joined: Wed Feb 27, 2008 10:40 am
- Location: England
- Contact:
Re: Can we get rid of the silly requirements for passwords?
I actually work in IT Security; they do add additional security, by a very long stretch. Not only that, but there's not only the risk of a brute force computer attack but also a brute force human attack. We also have other security in place to attempt to prevent computer brute force.
Additionally, adding a special character in the first 6 characters dramatically increases the strength from a computerised attack.
- Maxine MagicFox
- ItL Webmaster
- Posts: 13474
- Joined: Wed Feb 27, 2008 12:20 pm
- Location: Pennsylvania
- Contact:
Re: Can we get rid of the silly requirements for passwords?
Sorry, garrett. But those of us "in our field" do know more about this. We are not just protecting against one form of attack. The "human element" is just as important as the computer element. Protecting against multiple forms of attacks is extremely vital.
Oh and by the way, there's a Wikipedia article for this ^_^
http://en.wikipedia.org/wiki/Password_s ... _passwords
- Reynard-Miri
- Manticor
- Posts: 3190
- Joined: Tue Jul 10, 2012 5:09 am
Re: Can we get rid of the silly requirements for passwords?
Dictionary attack.
- Reynard-Miri
- Manticor
- Posts: 3190
- Joined: Tue Jul 10, 2012 5:09 am
Re: Can we get rid of the silly requirements for passwords?
Hey Garrett, maybe you should .
Re: Can we get rid of the silly requirements for passwords?
And that was the last time a webcomic was viewed as a credible source on ItL.
"Everyone else is idiots, Zamisk. And you am idiots. And I are idiots."
-PLA
- warcraff
- Ragelope
- Posts: 35
- Joined: Tue Jun 21, 2011 3:11 pm
Re: Can we get rid of the silly requirements for passwords?
Kudos on the better security for passwords.
This will be the third time I've asked to have a new password sent to my email account. Awesome.
I will use the Elements.
- Archaic Sage
- ItL Webmaster
- Posts: 1323
- Joined: Wed Feb 27, 2008 10:40 am
- Location: England
- Contact:
Re: Can we get rid of the silly requirements for passwords?
Perhaps you should try remembering your passwords. We don't ask for anything that's not standard in many industries or that difficult. We don't block dictionary words, we don't block specific phrases and we don't ask for 1.5 or 2 factor authentication as part of the login process and to be fair.
If you ever work for a big company, they will have password policies that meet the following:
1 upper case character
1 lower case character
1 special character (e.g. ? @ ;
1 number
In fact, some companies also block their own names and seasons from being used, so your password can't be Autumn2013.
They will also enforce a change every 90 days.
In fact, I actually have one account I use (for work) whereby I have a username, a password, a security question and a password that's part memory and part one time password from a separate device that changes every 20 seconds - so if you get a slow connection you've got to reauthenticate as it can sometimes be wrong by the time the page has loaded.
- Kimiko
- Manticor
- Posts: 6044
- Joined: Wed Jun 18, 2008 9:31 am
- Location: Leiden, Netherlands, EU
Re: Can we get rid of the silly requirements for passwords?
I worked at a company that had password change set to every 30 days. Most people had one password and just incremented the number at the end each time. If you knew their password once, you'd know it three months later.
Kimiko
Rewatching: Beast Player Erin
- Archaic Sage
- ItL Webmaster
- Posts: 1323
- Joined: Wed Feb 27, 2008 10:40 am
- Location: England
- Contact:
Re: Can we get rid of the silly requirements for passwords?
Yep, which is too frequent in my opinion. That said the latest technology can actually prevent that from happening.
- Reynard-Miri
- Manticor
- Posts: 3190
- Joined: Tue Jul 10, 2012 5:09 am
Re: Can we get rid of the silly requirements for passwords?
At my company it's 90 days and I'm pretty sure you can't reuse the same password again ever.
- Archaic Sage
- ItL Webmaster
- Posts: 1323
- Joined: Wed Feb 27, 2008 10:40 am
- Location: England
- Contact:
Re: Can we get rid of the silly requirements for passwords?
There are certain password requirements for PCI DSS, which is a standard that all companies that process credit cards have to follow in order for banks to do business with them. For the most part these mirror security standards, so things like changes no less than every 90 days, at least 8 characters in length, a mix of cases, numbers and special characters. Off the top of my head, I think it states you can't reuse any of your past 12 passwords, and that's all I can remember without looking at the standard.
Some technology allows us to prevent sequential numbers (2, 4, 6, 7, 8 etc) and others allow the system to know that your last password was Autumn100, so will ban Autumn101 or 200, and if you had Autumn200 then 400, that'd be banned as it's a sequential.
It's a difficult line for corporations to tread as you need to be compliant and safe (and in the EU a breach of personal data is a much bigger issue than in the States, as we have 24 hour notification laws and other problems) and ensuring people don't write their passwords on a post-it and put it under their monitor, or on it.
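The rules discussed in this thread (character classes, the 8-character minimum, blocked seasons and company names, the 12-password history, and the incremented-number habit Kimiko describes) can be sketched as one checker. This is an added example, not code from the forum or from any product mentioned; `check_password`, `split_stem` and all sample passwords are constructed for illustration.

```python
import re

SEASONS = ("spring", "summer", "autumn", "winter")
HISTORY_DEPTH = 12  # "past 12 passwords", as recalled in the post above

def split_stem(password):
    """Split 'Autumn100' into ('autumn', '100'); no trailing digits gives ''."""
    m = re.fullmatch(r"(.*?)(\d*)", password, re.DOTALL)
    return m.group(1).lower(), m.group(2)

def check_password(new, history, org_names=()):
    """Return the list of rules `new` breaks (empty list means accepted).

    history: earlier passwords, newest last. Plaintext only to keep the demo
    short; a real system stores hashes and can run the similarity rule only
    against the current password the user types during the change.
    """
    problems = []
    if len(new) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case": any(c.isupper() for c in new),
        "lower case": any(c.islower() for c in new),
        "number": any(c.isdigit() for c in new),
        "special character": any(not c.isalnum() for c in new),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    lowered = new.lower()
    for word in (*SEASONS, *(n.lower() for n in org_names)):
        if word in lowered:
            problems.append(f"contains blocked word '{word}'")
    recent = history[-HISTORY_DEPTH:]
    if new in recent:
        problems.append("reuses a recent password")
    new_stem, new_num = split_stem(new)
    for old in recent:
        old_stem, old_num = split_stem(old)
        # Same stem, different trailing number: Autumn100 -> Autumn101 or 200.
        if old != new and new_num and old_num and old_stem == new_stem:
            problems.append("only the trailing number differs from a recent password")
            break
    return problems

if __name__ == "__main__":
    # Constructed inputs: the thread's own example, then an incremented variant.
    print(check_password("Autumn2013", []))
    print(check_password("Tr4il-mix#101", ["Tr4il-mix#100"]))
```
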
- Windywalk
- Ragelope
- Posts: 69
- Joined: Fri Apr 19, 2013 10:14 pm
Re: Can we get rid of the silly requirements for passwords?
Password change error is
The password does not contain the required characters.
Mixed cases (both of capital and smaller) and numbers don't make sense.
alphabet and number are enough.
- Archaic Sage
- ItL Webmaster
- Posts: 1323
- Joined: Wed Feb 27, 2008 10:40 am
- Location: England
- Contact: