[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] password must contain multiple character classes...
|
From: |
Bob Proulx |
|
Subject: |
Re: [Savannah-users] password must contain multiple character classes... |
|
Date: |
Fri, 5 Apr 2013 00:46:17 -0600 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Kaz Kylheku wrote:
> Miles Bader wrote:
> > address@hidden (Karl Berry) writes:
> >> How is your password "much" better? Using non-alphanumeric
> >> characters? I thought they were allowed even though the message
> >> doesn't mention them.
The whole concept of a favorite password bothered me. Because it
means that passwords are being reused. Reusing passwords is bad.
> > I think there's a pretty general consensus by now that this sort of
> > requirement ("must contain a digit and a punctuation symbol" or
> > whatever) does more harm than good. Most certainly it's annoying...
>
> It's completely retarded. It only induces people to choose weak
> passwords.
> Must contain a capital? Okay, capitalize the dictionary word.
> Must contain a digit? Okay, stick a one on it, or replace an o with 0.
>
> There should be a choice: numbers and glyphs, or make it longer.
> I'd rather type a password phrase with multiple words and spaces.
I just use completely random passwords these days. No "favorite"
passwords for me. I have far too many accounts to remember each one.
Therefore I do write them down and simply cut and paste them.
Why passwords have never been weaker—and crackers have never been stronger
http://arstechnica.com/security/2012/08/passwords-under-assault/
From the article:
"The average Web user maintains 25 separate accounts but uses just
6.5 passwords to protect them..."
And of course XKCD also addresses this too:
Password Reuse
http://xkcd.com/792/
Bob