ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Password Complexity, Good or bad?

    Scheduled Pinned Locked Moved IT Discussion
    202 Posts 12 Posters 40.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @Dashrender
      last edited by

      @Dashrender said:

      Yes, of course it is. but thisisalongpassword is way better than P@ssw0rd

      I originally was questioning @scottalanmiller that

      password
      and
      P@ssw0rd

      are the same to a computer.

      Not arguing anything here. Agree with it all.

      DashrenderD 1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender
        last edited by

        @Dashrender said:

        thisisalongpassword

        according to howsecureismypassword.com

        thisisalongpassword
        0_1458855493627_pass1.JPG

        and P@ssw0rd

        0_1458855525668_pass2.JPG

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @BRRABill
          last edited by

          @BRRABill said:

          @Dashrender said:

          Yes, of course it is. but thisisalongpassword is way better than P@ssw0rd

          I originally was questioning @scottalanmiller that

          password
          and
          P@ssw0rd

          are the same to a computer.

          Not arguing anything here. Agree with it all.

          He was over simplifying it, sure. But both would be in a pre defined dictionary which would take seconds to crack so he does have that on his side.

          1 Reply Last reply Reply Quote 0
          • Deleted74295D
            Deleted74295 Banned
            last edited by

            http://howsecureismypassword.com/

            Appears to be offline 😛

            BRRABillB 1 Reply Last reply Reply Quote 0
            • BRRABillB
              BRRABill @Deleted74295
              last edited by

              @Breffni-Potter said:

              http://howsecureismypassword.com/

              Appears to be offline 😛

              .NET

              DashrenderD 1 Reply Last reply Reply Quote 0
              • BRRABillB
                BRRABill
                last edited by

                thisisalongpassword = 607 million years

                thisisalongpasswor@ = 3 trillion years

                DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @BRRABill
                  last edited by

                  @BRRABill said:

                  @Breffni-Potter said:

                  http://howsecureismypassword.com/

                  Appears to be offline 😛

                  .NET

                  whoops

                  https://howsecureismypassword.net/

                  BRRABillB 1 Reply Last reply Reply Quote 0
                  • BRRABillB
                    BRRABill @Dashrender
                    last edited by

                    @Dashrender said:

                    whoops

                    https://howsecureismypassword.net/

                    At least it wasn't a porn site.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @BRRABill
                      last edited by

                      @BRRABill said:

                      thisisalongpassword = 607 million years

                      thisisalongpasswor@ = 3 trillion years

                      Is there a real difference? A meaningful difference?

                      BRRABillB 2 Replies Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @BRRABill
                        last edited by

                        @BRRABill said:

                        @Dashrender said:

                        whoops

                        https://howsecureismypassword.net/

                        At least it wasn't a porn site.

                        Why?

                        1 Reply Last reply Reply Quote 0
                        • BRRABillB
                          BRRABill @Dashrender
                          last edited by

                          @Dashrender said:

                          Is there a real difference? A meaningful difference?

                          Yes.

                          I plan to live between those two numbers, so I need the stronger password.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @BRRABill
                            last edited by

                            @BRRABill said:

                            @Dashrender said:

                            Is there a real difference? A meaningful difference?

                            Yes.

                            I plan to live between those two numbers, so I need the stronger password.

                            Just change it at least once between now and then and you should be fine.

                            BRRABillB 1 Reply Last reply Reply Quote 0
                            • BRRABillB
                              BRRABill @Dashrender
                              last edited by

                              @Dashrender said:

                              Is there a real difference? A meaningful difference?

                              My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

                              DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                              • BRRABillB
                                BRRABill @Dashrender
                                last edited by

                                @Dashrender said:

                                Just change it at least once between now and then and you should be fine.

                                I was planning to just add another @ sign but apparently that is a no-no. 🙂

                                1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @BRRABill
                                  last edited by

                                  @BRRABill said:

                                  @Dashrender said:

                                  Is there a real difference? A meaningful difference?

                                  My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

                                  No one ever said take them out.. just that they aren't a requirement.

                                  the general belief is that the more requirements you put on users, the more they will fight you. So do 12+ and have no requirements - you can suggest that they put in caps, numbers, special characters.. but not required.

                                  BRRABillB scottalanmillerS 3 Replies Last reply Reply Quote 1
                                  • BRRABillB
                                    BRRABill @Dashrender
                                    last edited by

                                    @Dashrender said:

                                    No one ever said take them out.. just that they aren't a requirement.

                                    the general belief is that the more requirements you put on users, the more they will fight you. So do 12+ and have no requirements - you can suggest that they put in caps, numbers, special characters.. but not required.

                                    Got it.

                                    I'm glad you and I had this little discussion!

                                    1 Reply Last reply Reply Quote 0
                                    • larsen161L
                                      larsen161 @JaredBusch
                                      last edited by

                                      @JaredBusch said:

                                      12+ Characters, complexity not needed. 180+ day password cycle.

                                      2FA is always nice, but I would never expect to get it going in a standard office environment.

                                      why would you never expect to get it going in an office?
                                      It's been a straightforward implementation process in all of my last 3 companies.

                                      1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender
                                        last edited by

                                        @larsen161
                                        I won't speak for JB, but for me - it's all around cost.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @Dashrender said:

                                          @larsen161
                                          I won't speak for JB, but for me - it's all around cost.

                                          But you can do that for free.

                                          DashrenderD JaredBuschJ 2 Replies Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @Dashrender
                                            last edited by

                                            @Dashrender said:

                                            @BRRABill said:

                                            @Dashrender said:

                                            Is there a real difference? A meaningful difference?

                                            My point is that just adding a capital or symbol adds a lot of complexity to the password. It can make a big difference when dealing with shorter passwords. (Say 12 or less.) Why totally take them out of the equation? Especially at the beginning or end of the passphrase? Or on sites that don't allow longer passwords for whatever reason.

                                            No one ever said take them out.. just that they aren't a requirement.

                                            the general belief is that the more requirements you put on users, the more they will fight you. So do 12+ and have no requirements - you can suggest that they put in caps, numbers, special characters.. but not required.

                                            Exactly, don't block people from using them, that's totally different. You want people making long, hard, but easy for them to remember passphrases. Anything that undermines that undermines your security. So the goal is to provide more options and encouragement towards security, not introducing artificial constraints that add effort and frustration because those things work against security.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 10
                                            • 11
                                            • 3 / 11
                                            • First post
                                              Last post