|
No doubt you are correct, but it seems to me that by enforcing strong passwords the user is then forced to utilize a password manager. I thought the days of writing passwords on pieces of paper were over, as password managers solve the problem once and for all. - Cheerio
|
|
|
|
|
Password managers raise their own set of problems: most - rightly - require a login of some form, and that password is also either going to be weak or ... written down.
And an insecure password guarding a whole bunch of strong passwords is a real nightmare!
Think of the password manager in Chrome: it stores all online passwords for you, but to find out what they were all you have to do is provide your Google password!
This is why Windows 10 doesn't want to use passwords any more, preferring a PIN, fingerprint, or face recognition, and why banks use OTP codes sent to your physical phone.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
For sites involving a real need for security, I just use quotations from different literary works ranging from the bible to Chaucer, quotations with which I am very familiar. The catch is there are always two quotations in each password, and always from different works. Then I just write down a key in the unlikely event that I should forget one, the key being the position of the two works on my bookshelves and some guide to location within the book if it includes more than one work. An example of a key: 2,2,8,4;6,3,14. I don't even need to stand up to see the titles, which will automatically remind me of the quotations.
I keep the key list on my phone, so even if you nicked that, you would still have to burgle the house!
|
|
|
|
|
This is why I like the new MS-Edge. Microsoft scans the dark web for credential caches and reports to me when one of my userid/password combinations has been breached.
|
|
|
|
|
Chrome and Firefox do the same thing. Edge was late to that party.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
PaltryProgrammer wrote: why the software permits such as password strength
I believe the answer is ignorance (or absence) of the organizations' CSO. Today, it's trivial to enforce a sensible password policy that will reduce the risk of break-ins by guessing passwords. My company uses MFA to sign in to the VPN and a one-week-cached MFA scheme for all other access. Login passwords are required to be changed every 90 days and a strong (but not inconvenient) password policy is enforced.
It's not really that hard to put basic security in place.
/ravi
|
|
|
|
|
PaltryProgrammer wrote: password strength I presume can easily be calculated
Indeed:
If (length(password)<128) print "Password is too short"
Correct Horse Battery Stable !!
|
|
|
|
|
Then you'd know the password of half the population
"qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm"
GCS d--(d-) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
Rage wrote: Correct Horse Battery Stable !!
This would pass the dictionary test, but "Correct Horse Battery Staple!!" wouldn't.
|
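The three checks joked about in the posts above (a length test, the dictionary test, and the 130-character keyboard-row string), put together as an added example that is not code from any poster. The blocklist is a constructed stand-in for a real breached-password corpus and `MIN_LENGTH` is an assumed policy value.

```python
import re

# Constructed blocklist standing in for a real breached-password corpus.
KNOWN_PASSWORDS = {"correcthorsebatterystaple", "password", "qwerty", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumed policy value, not taken from the thread


def normalize(password):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", password.lower())


def shortest_period(s):
    """Length of the shortest block that, repeated, produces s."""
    for p in range(1, len(s) + 1):
        if len(s) % p == 0 and s[:p] * (len(s) // p) == s:
            return p
    return len(s)


def is_keyboard_walk(s):
    """True if s consists only of whole keyboard rows typed in sequence."""
    pattern = "(?:" + "|".join(KEYBOARD_ROWS) + ")+"
    return re.fullmatch(pattern, s) is not None


def check_password(password):
    """Return the reasons to reject; an empty list means accepted."""
    reasons = []
    norm = normalize(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Compare after normalizing so case, spaces and "!!" do not hide a known phrase.
    if norm in KNOWN_PASSWORDS:
        reasons.append("known password")
    # Length alone says little: reduce the input to its repeating unit first.
    unit = norm[:shortest_period(norm)]
    if norm and len(unit) * 2 <= len(norm):
        reasons.append("repeated block")
    if norm and is_keyboard_walk(unit):
        reasons.append("keyboard walk")
    return reasons
```

A pure length rule accepts the repeated keyboard string, and a blocklist only catches phrases it already contains, which is why "Stable" passes here and "Staple" does not.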
|
|
|
|
Mine is "50BloodyBoiledCabbagesYouStupidIdiotGiveMeAccessNow!"
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- Never argue with a fool. Onlookers may not be able to tell the difference. Mark Twain
|
|
|
|
|
PaltryProgrammer wrote: I seek your kind and knowledgeable assistance
With what, exactly? It's all opinions and conjectures at best.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Hackers assume passwords are complex and don't try simple ones.
Make a simple password and you're safe.
Well, actually, it's more a matter of ensuring that hackers have to attempt both simple and complex passwords.
|
|
|
|
|
obligatory xkcd
Keep Calm and Carry On
|
|
|
|
|
I once worked for a customer who wanted an EDI service so their suppliers could fetch data from the service.
There was no GUI of any kind, so IT would create an account with a password and send it to their suppliers.
After about two years I found out the passwords they used were 00000001, 00000002, 00000003, etc.
The horror doesn't end there, they then saved the user name and password (which I hashed, and can't retrieve) into an Excel sheet so they could always send the password to the supplier in case they forgot.
I then automated password creation so they got a reasonably secure password and show it on screen only once after creating the account.
Regenerating a password is as easy as ticking the "new password" box.
Obviously, I got the question if I could simply show the old password, which I can't and flat-out refused.
They still save passwords in Excel.
We're talking about a professional IT department here in a company with 100's of employees and multiple branches in multiple countries.
To be fair, their suppliers barely even know how to start a computer, let alone open an application and enter credentials.
I've had to give their suppliers support on their own applications multiple times because "it didn't work", a couple of times because their password changed and they didn't know how to re-enter it, one time because they used a date filter.
On one occasion I simply called, stated my name and they just gave me their credentials so I could test them.
To answer your question: it seems the average brain stores IQ in a bit, it's either off or 1.
|
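A sketch of the scheme described in the post above (a generated password shown once, only a hash stored, and a reset that issues a new password instead of revealing the old one), as an added example that is not the poster's code. The in-memory `ACCOUNTS` table, the function names and the scrypt parameters are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ACCOUNTS = {}  # username -> (salt, hash); stands in for the service's user table


def hash_password(password, salt):
    # scrypt cost parameters are assumed values for this example
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def issue_password(username):
    """Create or replace the account's password and return it exactly once."""
    password = secrets.token_urlsafe(18)  # 18 random bytes -> 24 URL-safe characters
    salt = secrets.token_bytes(16)
    # Only the salt and hash are kept, so the plaintext cannot be shown again.
    ACCOUNTS[username] = (salt, hash_password(password, salt))
    return password


def verify(username, password):
    """Check a login attempt against the stored hash."""
    record = ACCOUNTS.get(username)
    if record is None:
        hash_password(password, b"\0" * 16)  # spend similar time for unknown users
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))
```

Calling `issue_password` again for the same user is the "new password" tick box: the old credential stops verifying and there is nothing to copy into a spreadsheet except what was on screen at creation time.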
|
|
|
|
I announced a little fair (7)
I EYE
announced (sounds like)
a little SOME
fair
EYESOME
(Word of the day!)
|
|
|
|
|
Eye(I) actually worked that out but didn't think it was a word - well done
"I didn't mention the bats - he'd see them soon enough" - Hunter S Thompson - RIP
|
|
|
|
|
pkfox wrote: but didn't think it was a word
Yet you came up with "Eistedd"?
|
|
|
|
|
It's Welsh for "Sitting", normally met as part of "Eisteddfod" or "Be sitting", "Sitting Together" - a festival of poetry and music (among other things).
|
|
|
|
|
OriginalGriff wrote: Eisteddfod
Reminds me that I (Bard Bryn Newydd) was part of the school Eisteddfod some 67/68 years ago.
|
|
|
|
|
First time I see that word! Wonder if there are more, thanks for sharing thought!
|
|
|
|
|
Only Microsoft could come up with an operating system that will only run on 50% of computers. My laptop specs:
- 64 GB RAM
- 4.5 TB of SSD
- Core i7-7700 CPU at 2.8 GHz
Sorry, I can't run Windows 11. Apparently a 3 year old high end Intel CPU isn't good enough. Interestingly, it appears that only 8th generation and newer Intel CPUs will automatically update, but one will be able to manually install Windows 11 by downloading an ISO file. wtf? What's funny is that I cannot find any reason the core i7s are not supported other than
Quote: Compatibility. Windows 11 is designed to be compatible with the apps you use. It has the fundamentals of >1GHz, 2-core processors, 4GB memory, and 64GB of storage, aligning with our minimum system requirements for Office and Microsoft Teams.
Nothing else can I find that says "i8+ processors added xyz feature and Windows 11 needs that." What's hilarious is that when MS announced this, users and the press pointed out that MS was still selling a Surface Pro that would no longer be supported. Shortly thereafter, in typical MS fashion, they went back and "added" support for this seventh generation processor, but only that one.
Solves my upgrade concerns, but seriously Microsoft, what are you going to do about all of the virtual machines out there? Oh, wait, download the ISO file. Only Microsoft would force a hardware solution on their users due to their crappy OS security.
Charlie Gilley
Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
charlieg wrote: Only Microsoft could come up with an operating system that will only run on 50% of computers
Ya, no other companies do things like that.
|
|
|
|
|
lol, but at least Apple admits it via their controlled ecosystem. Microsoft is just blowing smoke.
For example, MS will allow you to install 11 manually, but they "won't guarantee trouble free operation". Like they do now?
That made me laugh. I actually think that behind the scenes MS is desperately trying to shore up security.
Charlie Gilley
|
|
|
|
|
charlieg wrote: I actually think that behind the scenes MS is desperately trying to shore up security.
Are you suggesting that's a bad thing?
|
|
|
|
|
Not at all. I think they need all the help they can get.
Charlie Gilley
|
|
|
|