|
Kent Sharkey wrote: For those who wondered, "Can they make Eclipse any slower?"
Seriously caused uproarious LOL!!
And, to answer, I think it can only theoretically get any slower since, according to human perception Eclipse has entirely stopped while loading / building / spinning / churning etc.
Good news: things have to get better. Bad news: They can't get any worse.
|
|
|
|
|
The idea that computer users should use long, complex passwords is one of computer security's sacred cows. Or maybe admins could stop allowing people to download the full list of passwords?
|
|
|
|
|
I do wonder which cows aren't sacred.
|
|
|
|
|
The pink ones with the curly tails.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Yeah. Chop them up into lovely pink burgers! (Pink with straight tails though - totally sacred)
TTFN - Kent
|
|
|
|
|
Same answer as every other time the question is asked: yes, we do.
Now, they explain why we use long and strong passwords in the second paragraph. Bravo for that. Next they claim that since people ignore security that the preceding advice is wrong.
So, if people forget to lock the front-door, the writer recommends using something simpler? Implying a short string is preferable over a long chain? Attackers cannot subject a system to too many guesses because of the amount of activity their attack generates. An attacker sending one guess per second per account would likely generate thousands or even tens of thousands of times the normal level of login traffic. That is assuming that they try each password on each account. I would not recommend writing complete articles recommending a security-strategy based on assumptions.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy Vluggen wrote: Implying a short string is preferable over a long chain?
If a short one is memorized... IMHO is definitively better than a post it on the monitor with the complicated one
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: a post it on the monitor
That's not the password's fault.
|
|
|
|
|
PIEBALDconsult wrote: That's not the password's fault
I know... and that is exactly the point, the biggest security risk is the users themselves.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: If a short one is memorized... IMHO is definitively better than a post it on the monitor with the complicated one
Longer does not mean more complex; and you don't have to store what you can calculate or derive.
The first phrase of a song. Two half phrases from a book. The top five curses that come to mind when hitting your thumb with a hammer. The main-ingredients for chilli.
Replace the spaces with some other separator of your choosing. Mix languages if you speak more than one, or replace/omit certain characters.
In1het1begin1there1was1nothing1was1explodierte.
Unless you have a password-manager, then one can simply generate a GUID
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
You don't need to explain to me how to construct passwords. Explain it to the one 60+ years old (whatever you want to imagine), that doesn't even remember the plate number of his/her car, his own telephone, the PIN of the credit card...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: Explain it to the one 60+ years old
If it works for someone @59, I do not see why it would no longer work @60.
Nelek wrote: that doesn't even remember the plate number of his/her car, his own telephone, the PIN of the credit card...
Does this hypothetical person remember his own name?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Even with the post-it, access to the password is restricted to people with physical access to the machine. A weak password is guessable by the whole world.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
|
|
|
|
The answer is no. You just need to program the security system intelligently.
It's quite simple, you only allow x amount of wrong password attempts and further attempts from the same IP address are blocked (but not blocked from different IP addresses - that stops hackers from provoking lock-outs).
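The per-IP attempt limit described in the post above, sketched as an added example that is not part of the original thread or of the article it discusses. The class and function names, the thresholds and the `verify` callable are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class PerIPThrottle:
    """Block a source IP after `max_failures` bad passwords within `window` seconds.

    All names and thresholds here are assumptions chosen for illustration.
    """

    def __init__(self, max_failures=5, window=300.0, block_for=900.0,
                 clock=time.monotonic):
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.clock = clock
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._blocked_until = {}             # ip -> time at which the block ends

    def is_blocked(self, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:            # block expired: forget this IP
            del self._blocked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip):
        now = self.clock()
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.block_for


def attempt_login(throttle, verify, ip, account, password):
    """Return 'blocked', 'ok' or 'denied'.

    `verify(account, password) -> bool` stands in for the real credential check.
    """
    if throttle.is_blocked(ip):
        return "blocked"                     # refuse before checking the password
    if verify(account, password):
        # A success does not clear the counter: otherwise a guesser could reset
        # it by logging in to an account of their own between guesses.
        return "ok"
    throttle.record_failure(ip)              # state is keyed on the IP, never the account
    return "denied"
```

Because the state is keyed on the source address alone, the account itself is never locked, which is the property the post asks for. For the same reason this control does not cap the total number of guesses made against one account, so it complements per-account failure monitoring rather than replacing it.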
|
|
|
|
|
Length is not only required to make brute-force attacks harder; it also makes it harder to copy the password by simply looking over a shoulder. It is relatively easy to do for anything that consists of just a few characters, and a little practice gets you a long way.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
No. Long passwords waste users' time and are not necessary. If you actually read the article it explains why.
|
|
|
|
|
I did and refuted the statements with arguments.
Did I miss any? If yes, I'd like to know, as it is actually the equivalent of installing a Raspberry Pi on your front door to open it with a "secret knock". Any argument in favor of that should be easily refuted.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
No, you didn't. The article states enforcing a password try limit (IP specific, as I mentioned) would stop brute force attacks and thus save the user from requiring to memorise unwieldy long passwords. You have not refuted this at all.
|
|
|
|
|
ed welch wrote: No, you didn't.
I clearly stated that the length of the password is not only there to prevent brute-password attacks.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
“In my world, you’re not a real business until you make some money. I have a hard time with businesses that don’t make money at some point.”
"Just remember, it's a grand illusion"
|
|
|
|
|
And we all know that Ballmer's world is completely separate from reality.
What do you get when you cross a joke with a rhetorical question?
---
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
|
|
|
|
|
He is every bit as nuts as we thought he was.
|
|
|
|
|
No offense. Just want to say this guy is the biggest lesson of why we should never hire a CEO who studied business or economics in a tech company. Don't get me wrong, I'm not saying that he can't do a thing. There are definitely areas that he is good at. But being a CEO of a company like Microsoft just makes him act like a fool.
|
|
|
|
|
Robert Vandenberg Huang wrote: act like a fool
It's not an act.
If your actions inspire others to dream more, learn more, do more and become more, you are a leader.-John Q. Adams
You must accept one of two basic premises: Either we are alone in the universe, or we are not alone in the universe. And either way, the implications are staggering.-Wernher von Braun
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.-Albert Einstein
|
|
|
|
|
I suspect that Amazon just conveniently hides profits to avoid paying taxes.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
|
|
|