Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Passwords

cycocelica

cycocelica

macrumors 68000
Original poster
Apr 28, 2005
1,801
4
Redmond, WA
You know what annoys me, web site passwords.

There is no standard for them and it frustrates me. One site will only allow six letters or numbers, others require a minimum of six letters or numbers. Some require a number, while others you are free to do whatever.

Now I understand that most of this is for security reasons, but let the people decided what is secure to them or not. I know internet security is a big issue but I will decide what I want to keep really secure and what I don't care about.

I also know there are programs like 1Password that will allow one password for all, but for the everyday consumer they don't know these exists. I really think there should be a standard for passwords all across the internet. It bugs me that something I don't think needs to be all that secure, I have to use a number . Is this just me.
 
yeah, it's a pain. luckily, my password for everything is eight letters anyway, and i just stick a "1" onto it if sites require it. (lthough one site i went to once required two numbers, that was a bit odd...)
 
In many cases the risk posed by weak passwords extends well beyond the user himself. The administrator of a service has a vested interest in your account not being too easily compromised.

It is unclear exactly what you are asking for. You want a single password standard, but you also want to choose weak passwords. These are not compatible. A single global standard would have to be good enough for a throwaway blog account or your bank account.
 
It's a no-win situation really. Easy passwords are easy to guess, but complicated passwords are hard to remember, so people will do dumb things like keep them on a post-it note attached to their monitor.

We have some pretty strict password requirements at my university where I also work in IT, and I've heard on more than one occasion from employees there say to me on the phone "If whoever comes out to fix my computer needs to login to my account, my password's written on the post-it note on my monitor." Umm....no, how about you make an effort to remember your password (you use it several times a day, how hard can it be to memorize it?) and we'll have you login for us if needed. But of course, if we had no requirements, people would use dumb things like "dog" for their password that a dictionary brute force attack will crack in 10 seconds.
 
We see the same things at work. Passwords must consist of any 3 of lowercase letters, uppercase letters, numbers, or symbols. So we end up with things like "Pa$$word" and "Monday1". Alternatively we end up with things like "dfjY7nf56T", written down near the computer.
 
Nermal said:
We see the same things at work. Passwords must consist of any 3 of lowercase letters, uppercase letters, numbers, or symbols. So we end up with things like "Pa$$word" and "Monday1". Alternatively we end up with things like "dfjY7nf56T", written down near the computer.
Click to expand...


We've got similar requirements, don't know what they are off the top of my head. One of the easiest ways to make a password like that is to chose a word (preferably a phrase; the longer the better) and spell it in leet. Of course, the trick is, you need to know leet, and most people don't ;)
 
yg17 said:
It's a no-win situation really. Easy passwords are easy to guess, but complicated passwords are hard to remember, so people will do dumb things like keep them on a post-it note attached to their monitor.

We have some pretty strict password requirements at my university where I also work in IT, and I've heard on more than one occasion from employees there say to me on the phone "If whoever comes out to fix my computer needs to login to my account, my password's written on the post-it note on my monitor." Umm....no, how about you make an effort to remember your password (you use it several times a day, how hard can it be to memorize it?) and we'll have you login for us if needed. But of course, if we had no requirements, people would use dumb things like "dog" for their password that a dictionary brute force attack will crack in 10 seconds.
Click to expand...

Funny thing is, my parents did this back in the day when they had a filter on our computer. Took me 1 day before I figured it out.

I am all for tough passwords, but I wish there was consistency. By all means, make all passwords require a number, but make it consistent (at least one the internet).
 
yg17 said:
We've got similar requirements, don't know what they are off the top of my head. One of the easiest ways to make a password like that is to chose a word (preferably a phrase; the longer the better) and spell it in leet. Of course, the trick is, you need to know leet, and most people don't ;)
Click to expand...

Lots of dictionary attackers try common leet variants these days. Given the limited mappings available, leet only marginally increases the complexity of the password, so it's no longer a useful trick for a single word password. I've been liking the "Memorable" passwords you can generate when creating a new Password Item in Keychain Access.
 
I second the notion that the "Memorable" password creator in Keychain Access is GREAT. I use it whenever I create a password that I'll need to share with other people (such as the WiFi network in my apartment).

A trick that I've used in the past is to think of a phrase that involves a number, then take the first letter of every word in the phrase. Alternate their capitalizations, and add a symbol in the number. For example, "I was born in Corvallis in 1984" would become "iWbIcI19$84".

I do agree that certain standards are really aggravating. I have a standard password that I use for most things, and it involves numbers, a symbol, and both upper- and lower-case. The biggest headache has come when using a particular financial web site that didn't permit symbols and required an eight-character password (my standard password is seven characters long without the symbols). Removing the symbols and adding another character at the end makes it two generations removed from my standard password, so I usually forget that I had to do that. For a while, I had to come up with a NEW password every month because the site wouldn't allow me to create the same password as a new password more than once in six months. Quite vexing.
 
Went to change my bank password today and they don't allow symbols. Seriously? Now I have to memorize a new one.
 
you know what annoys me? my logins at work. i log onto six things daily that require a password, and the criteria is different. one requires three capitals, one requires one capital, two don't need a capital, one doesn't need to be changed, and one is just my first name and never changes. all except the name one have to have two numbers. our user accounts are almost all first initial and last name, one is full name, and one requires "shp_" to be placed in front of the user name. two of my log ons still have my last name spelled wrong.

and the icing on the cake, we need to change our passwords for all but two log ons every THIRTY days, and they can only be recycled after 12 months. so two weeks after you change it, you're warned that it will expire in 14 days. making us change them every 30 days just forces us to write them down, which is stupid.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back