It ain’t fair to Fido! Or what used to be Spot. Or Rocky, Buddy, Max, Bailey, etc.. Do we really have to name our dogs uUtysz2052x*@$? That may make for a good password but it ain’t a fun name to say. Plus, how the hell are we ever going to remember that/how the hell can a dog respond to that? [Reddit via The Daily What]
Online
We Can’t Keep Changing Our Passwords
Gizmodo Is Hiring a PHP Developer!
Take pride in writing clean code? We’re looking for an autonomous PHP developer to join our rapidly-growing team at Allure Media. Apply within.
How's this news or an article?
No news or article, though it kicked off some productive comments - thanks to @Bruwer and @thesorehead, I will now be using passphrases.
Last edited December 10, 2012 4:18 pm
Haha, very funny.
Nobody should be using passwords anymore.
Pass phrases are in.
"Fidofetchtheballnow"
Indeed. Most of my passwords are phrases now (with some numbers for good measure) thanks to this:
http://xkcd.com/936/
I get really frustrated when a sysem limits the length of my password!
I was witness to a passionate rant against "strong passwords" on Friday:
"I'm f$@king sick to death of over-the top password policies. If your password is so long/complex/unremembered that you need to write it down on a piece of paper, it's not a f$#king strong password any more is it? My webmail provider has a "stronger" password policy than my bank - who gives a f&*k if someone hacks my email!?
My bank is intelligent with their password policy - it's not "strong", it doesn't require a ludicrous upper-lower-number-symbol combination. All it does is lock you out after three incorrect attempts, after which you have to personally contact the bank to unlock it. Perfect. My bank password could be "a" and it would still be more secure than my email account with a password of "e%RQ#457)gY" and unlimited login attempts. If you can find me an algorithm that can brute-force even a one-character password within three attempts, you're a better man than me."
"who gives a f&*k if someone hacks my email!?" - What a stupid thing to say, let's actually think about this for a second.
Your bank probably, certainly social sites, local councils, landlord, credit-card companies, your employer, licensing organizations all use your E-Mail to verify you, so if someone gets control of your E-Mail account they typically can change anything to do with any of these organisations.
Even if they don't, if they have control of your E-Mail they have control of enough of your identity to allow them to rack-up large debts in your name, leaving you with a very unpleasant fight on your hands to prove that you're not responsible for it. (Even if you win that fight, there can be flow on effects to your credit-rating for many years after.)
Finally, if someone had control of your E-Mail, especially if they're able to read all the historical E-Mails in there, I think you'll find they have enough information to call your bank and answer enough of the "Security" questions to gain control to your account.
From the description you've given, your bank's security sounds very easy to bypass.
It's typically not about stealing directly from you, it's about racking up a huge debt in your name and leaving you to clean up the mess with debt collectors.
I know, I think he was just being hyperbolic (he gets carried away sometimes) or referring to a throwaway Hotmail account or something.
His point was that forcing users to make passwords so complex that they can't be remembered is counter-productive and that two-factor authentication or "three strikes you're out" is much more effective.