|
Not a reason to remove them, just a reason to not make them mandatory.
|
|
|
|
|
That just means you're not using the right keyboard[^]
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
No idea why you need special characters... I use 1234 everywhere...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
For many everything that comes after 3 already is a special character.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
Even on your luggage?
Software Zen: delete this;
|
|
|
|
|
That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!
DURA LEX, SED LEX
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X
If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
When I was six, there were no ones and zeroes - only zeroes. And not all of them worked. -- Ravi Bhavnani
|
|
|
|
|
But we still use it on our corporate iPads now that a lock code is enforced as accessibility is more important than security for demo apps.
|
|
|
|
|
actually, they've determined that the hackers can easily replicate shoving in those few extra special characters into their password generators and they only serve to make the passwords more difficult to remember for users.
The best information on passwords is that they should be :
1. much longer (my application generates 64 char passwords based upon the SHA256 hash)
2. not based upon words -- this protects from any kind of dictionary attack -- which basically all the hacker attacks which attempt to reverse passwords are based upon
I've just written an blog article on this recently (pulled from my blog) ==> How Hackers Crack Passwords (part 1)[^]
The paradigm shift that people can't get over with C'Ya Pass is that you never have to memorize a password again and they aren't stored anywhere. They're generated every time for your use.
I apologize if this sounded a bit like gratuitous self promotion, but I'm really passionate about this whole (stupid) password thing. Passwords are terrible.
|
|
|
|
|
raddevus wrote: more difficult to remember for users. That's fine. So, don't make it required. My problem is they are preventing you from using a special character.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Oh, very good point.
That's ridiculous that they don't allow it. What?
I use my app exclusively for my own passwords and I'm always annoyed when sites tell me that I have to use a special char, because with my app my passwords now look like:
1. cf82bb8b015707c5cef11942b88bb058d3795f4dcae551e65ea72891333a1384
2. ea50612a6d5dde56c7a826cc03317e99c2f2f5547b0bd0b5e985ac27883b8242
Those are extremely strong because they are long and not based upon words.
Those silly password checkers will say they are of medium complexity.
The industry has a lot to learn.
|
|
|
|
|
raddevus wrote: Those silly password checkers will say they are of medium complexity. Ya, sure. I was only off by one character when I tried to guess your password.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
You have the fantastic ability of generating SHA256 hashes completely from memory.
There are only more of them than there are stars in the universe so it's easy.
|
|
|
|
|
raddevus wrote: There are only more of them than there are stars in the universe so it's easy Ya, I needed a challenge after I counted all the stars.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
RyanDev wrote: Ya, I needed a challenge after I counted all the stars
|
|
|
|
|
Dont s'pose you changed your surname by deed-poll at marriage and that your wife has a father-in-law called Chuck, does she?
|
|
|
|
|
Off by one character, in EVERY character position
|
|
|
|
|
raddevus wrote: Those are extremely strong because they are long and not based upon words.
Those silly password checkers will say they are of medium complexity.
They ain't silly...
12 chars with 26 possibilities (9,54e16 combinations)
10 chars with 52 possibilities (1,445e17 combinations)
Your length is bullish when it comes to complexity
Rules for the FOSW ![ ^]
if(this.signature != "")
{
MessageBox.Show("This is my signature: " + Environment.NewLine + signature);
}
else
{
MessageBox.Show("404-Signature not found");
}
|
|
|
|
|
Best passwords ever, so easy to remember and having characters [0-9a-f] is definitely something no hacker would try, because base-16 is so uncommon within computers. Everyone knows that h4x0rZ use base-23.
|
|
|
|
|
I agree. The point is a sha256 hash is a value on the order of 2^256.
That's 1.1579208923731619542357098500869e+77 -1
So basically we are saying:
My password is one out of the set of all 256-bit numbers. Guess it now.
If you can guess the resultant hash or you have a algorithm that can calculate it then you pwn all computers anyway.
|
|
|
|
|
Each digest is created by adding 65 bytes, 64 digits = 512 bytes which is exactly the length of single-iteration digest, this means this has two iterations, therefore a shorter string exists that could generate exactly the same hash as the one that is hashed by your passwords. Not that it could be guessed in seconds/hours/days/years, but it is not as difficult as this calculation. Basically anything beyond 447 bits does not increase the difficulty.
|
|
|
|
|
Plamen Dragiyski wrote: but it is not as difficult as this calculation.
I agree with you. I was basically summarizing for brevity and generalizing for analogy in order to explain it without all the details. Thanks for adding to the conversation. Always like to think about how to make these things more clear and more correctly explained.
|
|
|
|
|
Exactly!
Why should people with real keyboards suffer because of the witless hordes whose entire life is enshrined in a hand-held device?
This also implies that yes, indeed, I've noticed this. There's even a financial institution I used that doesn't allow special characters (like an underscore!) in usernames or passwords.
Well - in a world that targets dumbing down as much as possible I raised my kids to be knowers-of-things (didn't let them use calculators until HS, and then, only when essential). Essentially, a greedy concept that my progeny will be lions amongst the sheep.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
And a couple I've noticed that won't allow a hyphen in an email address...
No prizes for guessing which "special character" is in my domain name?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
OriginalGriff wrote: won't allow a hyphen in an email address... That is bad (code word for stupid)
I suppose it can get worse (polite way of saying stupider):
I've a domain name ending in .info - which is rejected as invalid by a number of places. I didn't test to see what top level domains they think are real - but, well, as we well know:
There's no limit to or cure for stupid.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Too long - everybody knows that ".com" is only three letters...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|