Nish Nishant wrote: It's easier to crack donalduckwasmyfavcharacterasakidinnewyork than to crack donalduckwasmyfavcharacterasakidinnewyork!.
FTFY
There are only 10 types of people in the world, those who understand binary and those who don't.
|
Yeah, but a day's difference won't affect something that'd take weeks or months of computational power.
|
In that case, "It's as easy to crack a$&12Gc# as abd12Gc4", so why prevent special characters?
There are only 10 types of people in the world, those who understand binary and those who don't.
|
I guess they are trying to encourage people to use passwords that are hard to crack but easy to remember, so they don't write it down on a piece of paper and stick it on their screens.
I am not siding with that idea, and would personally not enforce this rule at my work place. Just trying to guess what their thinking was.
|
Possibly.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
The only secure password is one you can't remember.
Seriously, don't try to remember all your passwords; use a password manager. Then you'll only need to remember one master password, and protect the password manager storage.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
People who are multi-lingual have an advantage - they can create cryptically complex passwords that they can easily remember by mixing languages.
Example : thendralbaarishseason
I've mixed a Tamil word, a Hindi word, and an English word there. What's gibberish to most mono-lingual people is a very easy-to-remember word for me (I speak 4 languages).
|
A-Z, lowercase only, no symbols, no digits.
Methinks your password would be easier to crack than you might think.
|
dandy72 wrote: A-Z, lowercase only, no symbols, no digits.
Methinks your password would be easier to crack than you might think.
Trivial to introduce a few upper case letters. My point was that it's more complex than had I used English only words for the same length. Also even with lower case, a 25 length string is harder to crack than a 10 char password that uses both cases, numbers, and symbols.
|
Nish Nishant wrote: 25 length string is harder to crack than a 10 char password that uses both cases, numbers, and symbols.
Are you sure about that?
A 25-character password * a pool of (26 possible characters) can be brute-forced in 650 tries.
A 10-character password * a pool of (26 upper + 26 lower + 10 digits + ~20 symbols) require 820 tries to be guessed correctly.
Having written this...I'm tired and my mind has turned to mush a few hours ago and this looks wrong (I know exponentials have to be introduced in there), but even then I think the basic point of my over-simplification is still correct...is it not?
I'm sure the correct math will come to me after I've made a fool of myself...
|
dandy72 wrote:
Having written this...I'm tired and my mind has turned to mush a few hours ago and this looks wrong (I know exponentials have to be introduced in there), but even then I think the basic point of my over-simplification is still correct...is it not?
Sorry, your math's not right
A char-set of 26 chars with a length of 25 gives 2.36e+35 permutations.
A char-set of 82 chars with a length of 10 gives 1.37e+19 permutations.
The former is way stronger
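The comparison worked through in the posts above, as an added example that is not part of the original thread: it computes the search space for a character-set policy, the shortest lowercase-only length that matches the 82-character, 10-long policy, and the much smaller space of a passphrase an attacker models as whole words (the mixed-language and Horse-Battery-Staple cases). The 150,000-word list size and the 1e10 guesses-per-second rate are constructed assumptions.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(charset_size: int, length: int) -> int:
    """Candidates of exactly `length` symbols drawn from the character set."""
    return charset_size ** length

def entropy_bits(space: int) -> float:
    """Bits of entropy if every candidate is equally likely."""
    return math.log2(space)

def min_length_to_match(charset_size: int, target_space: int) -> int:
    """Shortest length over `charset_size` whose keyspace reaches the target."""
    length = 1
    while keyspace(charset_size, length) < target_space:
        length += 1
    return length

def wordlist_space(wordlist_size: int, words: int) -> int:
    """Space seen by a guesser who treats the passphrase as whole words,
    not characters. Only holds if the words are picked at random."""
    return wordlist_size ** words

def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    RATE = 1e10  # constructed assumption: offline guesses per second
    cases = {
        "26 chars x 25 (thread)": keyspace(26, 25),
        "82 chars x 10 (thread)": keyspace(82, 10),
        # constructed: 3 words from a combined 150,000-word list
        "3 words / 150k list": wordlist_space(150_000, 3),
        # constructed: 4 words from a 2,048-word list
        "4 words / 2048 list": wordlist_space(2048, 4),
    }
    for name, space in cases.items():
        print(f"{name:26s} {space:10.2e}  {entropy_bits(space):6.1f} bits  "
              f"{years_to_exhaust(space, RATE):10.2e} years")
    need = min_length_to_match(26, keyspace(82, 10))
    print(f"lowercase-only length needed to match 82^10: {need}")
```

The character-count figures are an upper bound: they apply only when each character is chosen independently at random, which is why the word-based rows come out far lower than the same strings counted letter by letter.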
|
Nish Nishant wrote: Sorry, your math's not right
Hence the disclaimer.
I knew I was way off, and somebody would correct me. Was not disappointed.
|
To get back to my original point, what I am trying to convey here is that a longer, easier-to-remember password is often safer than a shorter, harder-to-remember one. That said, it's not all black and white.
|
Agreed. Horse-Battery-Staple and all that.
|
No, they still stick them to their screens, those that don't come Monday morning, "I can't remember what I used, maybe it was my dog's name .... no, ...., wait, with or without big letters, umm, I'll call support, they were quite quick last week."
Sin tack ear lol
Pressing the "Any" key may be continuate
|
When IT policy forces people to change their passwords every 60 days, no wonder they can't remember them.
|
Ah, security taken to the point of absurdity.
I can see it now....
Next week our company is moving to ten-factor authentication.
Upon login, you will need to provide a password (1). Then you will receive an email with a link to a website(2) which you will provide your telephone number(3). If the telephone number provided is on record, you will receive a passcode(4) via text message. After correctly entering the passcode on the original login splash screen, the system will provide you a unique ten digit key(5) which you will need to complete your authentication process. Do not write down the ten digit key. Go to the bio-metric authentication closet. Enter your ten digit key on the key-pad. The bio-metric closet will open to let you in. Once inside the closet, you will need to use the scanners to provide your fingerprints(6), retina scan(7), plus a blood(8) and stool sample(9). Once you have completed the process and have been successfully authenticated, the system will provide you a unique, one-time-use, 22 character passcode(10) that will allow you to login to your computer. Do not write the passcode down and the passcode will also expire after 120 seconds. If you fail to login to your station before the temporary passcode expires, you will have to repeat the process.
Then the CIO will brag that he has the most secure network in the world.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
Because their programmer still needs to grasp that newfangled weirdness called "Unicode" and instead of solving that problem, they shift the problem over to you.
|
Not allowing special characters helps a little bit with all of the rules in the linked article. The article is about XSS only. Then there could be SQL injections, command line injections, etc. on top of this.
For maintainability due to XSS, if one developer encodes something in the context of an HTML attribute, and then another developer refactors it and moves the same information into a hidden HTML element or a javascript code block, the second developer better update all of the different encoding rules! This applies to both server and client side code dealing with the data.
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
|
I can understand completely if there are segments of the population that are not familiar with what a "special character" is ... unless it was an uncle.
|
Could we try a parallel thread wherein we post the thread of follow-ups and O-G has to come up with the original based upon them?
Meanwhile, a proposal for Chris' weekend project: allow for an insert mode for the beginning of the thread.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
Pshhhhht! Don't you see that the grandpas have fallen asleep again?
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
I'm not sleeping - I'm just breathing loudly.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
That explains everything. I was already looking out the window to get a look of that steam locomotive.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
No WE haven't!
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |