Passwords

Discussion in 'Community Discussion' started by cycocelica, Mar 30, 2008.

  1. cycocelica macrumors 68000

    cycocelica

    Joined:
    Apr 28, 2005
    Location:
    Redmond, WA
    #1
    You know what annoys me, web site passwords.

    There is no standard for them and it frustrates me. One site will only allow six letters or numbers, others require a minimum of six letters or numbers. Some require a number, while others you are free to do whatever.

    Now I understand that most of this is for security reasons, but let the people decided what is secure to them or not. I know internet security is a big issue but I will decide what I want to keep really secure and what I don't care about.

    I also know there are programs like 1Password that will allow one password for all, but for the everyday consumer they don't know these exists. I really think there should be a standard for passwords all across the internet. It bugs me that something I don't think needs to be all that secure, I have to use a number . Is this just me.
     
  2. iBookG4 FTW macrumors member

    iBookG4 FTW

    Joined:
    Dec 23, 2007
    Location:
    Texas
    #2
    yeah, it's a pain. luckily, my password for everything is eight letters anyway, and i just stick a "1" onto it if sites require it. (lthough one site i went to once required two numbers, that was a bit odd...)
     
  3. Gelfin macrumors 68020

    Gelfin

    Joined:
    Sep 18, 2001
    Location:
    Denver, CO
    #3
    In many cases the risk posed by weak passwords extends well beyond the user himself. The administrator of a service has a vested interest in your account not being too easily compromised.

    It is unclear exactly what you are asking for. You want a single password standard, but you also want to choose weak passwords. These are not compatible. A single global standard would have to be good enough for a throwaway blog account or your bank account.
     
  4. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #4
    It's a no-win situation really. Easy passwords are easy to guess, but complicated passwords are hard to remember, so people will do dumb things like keep them on a post-it note attached to their monitor.

    We have some pretty strict password requirements at my university where I also work in IT, and I've heard on more than one occasion from employees there say to me on the phone "If whoever comes out to fix my computer needs to login to my account, my password's written on the post-it note on my monitor." Umm....no, how about you make an effort to remember your password (you use it several times a day, how hard can it be to memorize it?) and we'll have you login for us if needed. But of course, if we had no requirements, people would use dumb things like "dog" for their password that a dictionary brute force attack will crack in 10 seconds.
     
  5. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #5
    We see the same things at work. Passwords must consist of any 3 of lowercase letters, uppercase letters, numbers, or symbols. So we end up with things like "Pa$$word" and "Monday1". Alternatively we end up with things like "dfjY7nf56T", written down near the computer.
     
  6. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #6

    We've got similar requirements, don't know what they are off the top of my head. One of the easiest ways to make a password like that is to chose a word (preferably a phrase; the longer the better) and spell it in leet. Of course, the trick is, you need to know leet, and most people don't ;)
     
  7. cycocelica thread starter macrumors 68000

    cycocelica

    Joined:
    Apr 28, 2005
    Location:
    Redmond, WA
    #7
    Funny thing is, my parents did this back in the day when they had a filter on our computer. Took me 1 day before I figured it out.

    I am all for tough passwords, but I wish there was consistency. By all means, make all passwords require a number, but make it consistent (at least one the internet).
     
  8. Gelfin macrumors 68020

    Gelfin

    Joined:
    Sep 18, 2001
    Location:
    Denver, CO
    #8
    Lots of dictionary attackers try common leet variants these days. Given the limited mappings available, leet only marginally increases the complexity of the password, so it's no longer a useful trick for a single word password. I've been liking the "Memorable" passwords you can generate when creating a new Password Item in Keychain Access.
     
  9. Daveman Deluxe macrumors 68000

    Daveman Deluxe

    Joined:
    Jun 17, 2003
    Location:
    Corvallis, Oregon
    #9
    I second the notion that the "Memorable" password creator in Keychain Access is GREAT. I use it whenever I create a password that I'll need to share with other people (such as the WiFi network in my apartment).

    A trick that I've used in the past is to think of a phrase that involves a number, then take the first letter of every word in the phrase. Alternate their capitalizations, and add a symbol in the number. For example, "I was born in Corvallis in 1984" would become "iWbIcI19$84".

    I do agree that certain standards are really aggravating. I have a standard password that I use for most things, and it involves numbers, a symbol, and both upper- and lower-case. The biggest headache has come when using a particular financial web site that didn't permit symbols and required an eight-character password (my standard password is seven characters long without the symbols). Removing the symbols and adding another character at the end makes it two generations removed from my standard password, so I usually forget that I had to do that. For a while, I had to come up with a NEW password every month because the site wouldn't allow me to create the same password as a new password more than once in six months. Quite vexing.
     
  10. cycocelica thread starter macrumors 68000

    cycocelica

    Joined:
    Apr 28, 2005
    Location:
    Redmond, WA
    #10
    Went to change my bank password today and they don't allow symbols. Seriously? Now I have to memorize a new one.
     
  11. amanda kathryn macrumors regular

    Joined:
    Feb 18, 2008
    #11
    you know what annoys me? my logins at work. i log onto six things daily that require a password, and the criteria is different. one requires three capitals, one requires one capital, two don't need a capital, one doesn't need to be changed, and one is just my first name and never changes. all except the name one have to have two numbers. our user accounts are almost all first initial and last name, one is full name, and one requires "shp_" to be placed in front of the user name. two of my log ons still have my last name spelled wrong.

    and the icing on the cake, we need to change our passwords for all but two log ons every THIRTY days, and they can only be recycled after 12 months. so two weeks after you change it, you're warned that it will expire in 14 days. making us change them every 30 days just forces us to write them down, which is stupid.
     

Share This Page