Security, or is it no-security

Discussion in 'Current Events' started by aicul, Feb 25, 2013.

  1. macrumors 6502a

    Jun 20, 2007
    no cars, only boats
    I've noted that many web-based services are claiming to increase their security.

    Generally speaking for the user this appears as a longer password with some form of complexity (numbers, uppercase, specials).

    I just want to raise 3 points here :

    - use of uppercase/lowercase is a killer for aged people that typically type in whatever case is active. So asking them to SHIFT-key is quite blind-sided.

    - the idea that more complex is better is a red-herring. Go to any office space and look for post-its, anything long and crazy-looking ... is a password. So we are moving responsibility from web service to individual, but we are not giving the individual the means to keep it secure.

    - security 101. think of those web sites that insist on registration. Here I typically register with a password like qwerty12345 and rely on the forgotten password button. You'd be surprised how many sites (some actually claiming to provide secure cloud disk storage) will send me my password in clear by email (rather than the better password-reset link).

    All this to say that this is not security.

    I can understand security but it should bridge what technology can do with what users are willing to bear (and understand). But systematically pushing the onus on users is equivalent to leaving an open door.
  2. Moderator emeritus


    Oct 8, 2002
    The Bamboo Forest
    I don't think sites should put any stipulations on your password aside from possibly a minimum length of at least 8 and a max length of 40.

    A more complex password is a better password. How do you propose the web service improve their side? There are free password applications for most every modern web browser you can use to keep track of passwords. All of my passwords are max length allowed by the site. My master password is 20 characters long and utilizes letters from song lyrics with a bit of junk thrown in. It's not hard to make a single memorable lengthy password.

    As for passwords hanging around on sticky notes... I've not seen one despite having worked many years in an office with hundreds of people. And we're required to change our passwords every 3 months (used to be once a month). To be honest I'd rather have hard to guess passwords on sticky notes inside the office to make it harder for external attackers than weak passwords.

    Which sites are doing this? I don't believe I've ever had my password sent back to me in plain text. I know there are a few that do this. If so they should be notified and have it brought to light why this is a bad idea. I'd be interested in contacting the sites if you don't have time.
  3. macrumors demi-god


    Feb 26, 2011
    New England, USA
    Generating long passwords with letters (upper case and lower), numbers, and even special characters mixed in is easy with an app like LastPass. A 10 or 11 character password, randomly generated, with a mixture of letters, numbers, etc. is very difficult to break, and certainly much more difficult than dictionary words.

    And the best part is you don't have to remember anything...the app stores the username and password, and fills it in automatically, if you choose.

    That being said, there is no such thing as perfect security, but taking careful precautions certainly makes sense to me.

    BTW: As an "aged person", I can attest to the fact that it is not a "killer" to employ careful computing, use of complex passwords, and taking all other precautions is very possible for us feeble old codgers. And depending upon others to provide your security is a's my responsibility to protect myself as best I can.:p:D
  4. macrumors 6502a


    Jan 2, 2011
    I don't fully agree with you. There is a reasonable limit to where complex pw's cease to be effective. In real life users will start to write them down and leave them somewhere in their workspace. I'm guessing 1 out of 10 times you'll find the pw under the mouse or wrist pad.

    At my office on normal day I need to signed into eight systems. Not counting Windows or Citrix. Lord help you having to map new network drives.

    None of the pw's can be the same.

    It must contain mixed case and at least one number and one special character and be at least ten characters long.

    No character can be repeated in the string.

    We must change them every thirty days.

    Any new password can not contain the same character in the same location of the string as the old pw.

    There are more restrictions but I don't remember them. I (we) literally need to bring up the pw requirements email each and every time we creat a new one. Worse yet when a pw is rejected the error message is cryptic and not too helpful in determining what you did wrong.

    When logging into any system the profile is disabled in all systems on the third wrong pw attempt. In some systems the incorrect attempts are cumulative.
  5. macrumors G5


    Nov 25, 2005
    Use a password that is a combination of something you remember followed by random letters. Write the random letters down. An outside hacker cannot crack it because of the random letters, your coworkers cannot hack it because they don't know the thing you remember, and they are no hackers.
  6. macrumors G3

    Jessica Lares

    Oct 31, 2009
    Near Dallas, Texas, USA
    Doesn't anyone else write passwords on a folded index card and put it in their wallet?
  7. Moderator emeritus


    Oct 8, 2002
    The Bamboo Forest
    I actually have a fairly long string of "random" characters that I have memorized and for passwords I have to update monthly, I just put the named month/year inside it. Easy enough to remember.
  8. macrumors 68000


    Sep 9, 2010
    's-Hertogenbosch Netherlands
    Being one of those age impaired people, I just let those nice Nigerian/Russian people I met via e-mail handle my passwords. :p
  9. macrumors 68020


    Jul 31, 2006
    Same country as Santa Claus
    I have so many accounts and passwords I have an excel file with a password protection on it and a bsackup file with a password incase my computer crashes. :rolleyes::D
  10. macrumors 68030


    May 27, 2006
    Miami, FL
    I feel as if I should post this discussion. It's definitely worth a read.
  11. macrumors newbie

    Mar 7, 2013

    just write passwords at a diary at your home. because wallet is also not secure. thanks,
  12. macrumors G5


    Nov 25, 2005
    Combine something you remember easily that your co-workers don't know, with six or eight random digits that you write on a sticky note. Keeps external hackers out, and keeps your co-workers out.

Share This Page