SIMIDAVEBLOG
YOUR PASSWORD IS PROBABLY USELESS, SAYS CODING GURU JEFF ATWOOD. HERE’S WHY
March 21, 2017
readersface
Jeff Atwood argues that sometimes users will pick bad passwords to get around ill-considered requirements. Image: iStock
Programmer community Stack Overflow’s Jeff Atwood has laid out a few home truths about horrible password policies that annoy experts, confuse users, and make everyone less secure. The internet is filled with examples, often perpetrated by major brands, of sites failing their users with bad password policies and poor practices, such as emailing users passwords in the clear.
Atwood decries the state of password policies in a new post entitled ‘Password rules are bull****’, pointing to three password-shaming sites that demonstrate the extent of the problem. He highlights that some commonly used password rules end up preventing people from using random password generators and instead encourage them to pick short and easy-to-crack passwords.

“These days, given the state of cloud computing and GPU password hash cracking, any password of eight characters or fewer is perilously close to _no password at all_,” he writes. That figure of eight characters was the number Atwood set two years ago when he was building the password feature in his new site, Discourse. He’s since updated that figure to a 10-character minimum for users and 15 characters for site admins and moderators.

However, as he points out, rules requiring long passwords don’t necessarily encourage users to create unique passwords. Sometimes users will then pick bad passwords to get around the requirements. And rules that attempt to enforce higher entropy in passwords, such as requiring at least one uppercase letter, one lowercase letter, a number, and a special character, don’t serve the user well, particularly if these rules prevent people from using a random password generator.

Still, his research into leaked passwords found that password length is an important factor. For example, only five of the top 25 passwords are 10 characters in length. This rule should then reduce a site’s exposure to the most common passwords.

He advises developers to avoid password composition rules, pointing to a recent recommendation from NIST on this issue. “It’s right there, ‘No composition rules’. However, I do see one error, it should have said, “No _bull****_ composition rules”,” writes Atwood.

Developers should, however, enforce a minimum Unicode password length, but he warns: “Accept that even this one rule isn’t inviolate. A minimum password length of six on a Chinese site _might_ be perfectly reasonable. A 20-character password _can_ be ridiculously insecure.”

Another rule of his is to check and prevent users from picking common passwords exposed in data breaches. “There’s _no question_ that a hacker will submit these common passwords in a hack attempt, and it’s shocking how far you can get, even with aggressive password attempt rate limiting,” he writes.

One rule he admits getting wrong on Discourse was enforcing a 10-character rule but allowing users to pick a password such as ‘aaaaaaaaaa’.

Finally, developers should prevent certain special-case passwords, such as ones that are the username or email address of the user, or ones that use the name of the site or app. “In short, try to think outside the password input box, like a user would,” he notes.
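
The rules summarised above can be combined into one server-side check. The following is an added example, not code from Atwood's post or from Discourse; the function name, the sample common-password list, the distinct-character threshold and the site name `exampleforum` are assumptions made for illustration.

```python
import unicodedata

# Constructed sample list; a real deployment would load a large breached-password corpus.
COMMON_PASSWORDS = {"123456", "password", "1234567890", "qwertyuiop", "iloveyou12"}

MIN_LEN_USER = 10     # minimums quoted in the article
MIN_LEN_ADMIN = 15
MIN_DISTINCT = 6      # hypothetical threshold, chosen to reject 'aaaaaaaaaa'


def check_password(password, username, email, site_name, is_admin=False):
    """Return a list of rejection reasons; an empty list means accepted."""
    # Normalise so composed and decomposed forms count the same, then
    # measure length in Unicode code points rather than bytes.
    pw = unicodedata.normalize("NFC", password)
    folded = pw.casefold()
    reasons = []

    minimum = MIN_LEN_ADMIN if is_admin else MIN_LEN_USER
    if len(pw) < minimum:
        reasons.append("too short")

    # Length alone lets 'aaaaaaaaaa' through, so also count distinct characters.
    if len(set(pw)) < MIN_DISTINCT:
        reasons.append("too few distinct characters")

    # Reject passwords that appear in the common/breached list.
    if folded in COMMON_PASSWORDS:
        reasons.append("common password")

    # Special cases: the password is the user's own identifier, or uses the site name.
    identifiers = {username.casefold(), email.casefold()}
    if folded in identifiers:
        reasons.append("matches username or email")
    if site_name and site_name.casefold() in folded:
        reasons.append("contains site name")

    # Deliberately no composition rules: no required uppercase, digit or symbol,
    # so output from a random password generator is never rejected on those grounds.
    return reasons
```

A generator-style password such as `k3v9q2mx7tz1` passes for an ordinary user despite having no uppercase letter or symbol, while the same string is rejected for an admin account because of the 15-character minimum.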