Password De-Complexity
-
I've noticed with several sites I have an account with that they no longer allow special characters in passwords. That seems like a move in the wrong direction. Special characters allow passwords to be more complex so I wonder why some are making this change. Has anyone else noticed this?
There are only 10 types of people in the world, those who understand binary and those who don't.
Yes and I can't understand why - ASCII is ASCII is ASCII after all - and I hate it as elephant.
DURA LEX, SED LEX GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver When I was six, there were no ones and zeroes - only zeroes. And not all of them worked. -- Ravi Bhavnani
-
Yes and I can't understand why - ASCII is ASCII is ASCII after all - and I hate it as elephant.
DURA LEX, SED LEX GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver When I was six, there were no ones and zeroes - only zeroes. And not all of them worked. -- Ravi Bhavnani
in that case there still is EBCDIC[^].
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a fucking golf cart.
"I don't know, extraterrestrial?" "You mean like from space?" "No, from Canada." If software development were a circus, we would all be the clowns. -
I've noticed with several sites I have an account with that they no longer allow special characters in passwords. That seems like a move in the wrong direction. Special characters allow passwords to be more complex so I wonder why some are making this change. Has anyone else noticed this?
There are only 10 types of people in the world, those who understand binary and those who don't.
-
in that case there still is EBCDIC[^].
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a fucking golf cart.
"I don't know, extraterrestrial?" "You mean like from space?" "No, from Canada." If software development were a circus, we would all be the clowns.Sorry, I have written poorly: I mean that an ASCII character is equal to any other ASCII character for the purposes of both internationality and cryptography. Why A-Z is ok and $ is not? I hate the sites that disallow "special" characters because they weaken security for... what, exactly?
DURA LEX, SED LEX GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver When I was six, there were no ones and zeroes - only zeroes. And not all of them worked. -- Ravi Bhavnani
-
I've noticed with several sites I have an account with that they no longer allow special characters in passwords. That seems like a move in the wrong direction. Special characters allow passwords to be more complex so I wonder why some are making this change. Has anyone else noticed this?
There are only 10 types of people in the world, those who understand binary and those who don't.
No idea why you need special characters... I use 1234 everywhere...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
-
Yes and I can't understand why - ASCII is ASCII is ASCII after all - and I hate it as elephant.
DURA LEX, SED LEX GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver When I was six, there were no ones and zeroes - only zeroes. And not all of them worked. -- Ravi Bhavnani
In that case I can offer EBCDIC
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a fucking golf cart.
"I don't know, extraterrestrial?" "You mean like from space?" "No, from Canada." If software development were a circus, we would all be the clowns. -
using gesture or swipe input on mobiles, too hard to do some of the specials
Sin tack ear lol Pressing the "Any" key may be continuate
-
No idea why you need special characters... I use 1234 everywhere...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
For many everything that comes after 3 already is a special character.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a fucking golf cart.
"I don't know, extraterrestrial?" "You mean like from space?" "No, from Canada." If software development were a circus, we would all be the clowns. -
I've noticed with several sites I have an account with that they no longer allow special characters in passwords. That seems like a move in the wrong direction. Special characters allow passwords to be more complex so I wonder why some are making this change. Has anyone else noticed this?
There are only 10 types of people in the world, those who understand binary and those who don't.
actually, they've determined that the hackers can easily replicate shoving in those few extra special characters into their password generators and they only serve to make the passwords more difficult to remember for users. The best information on passwords is that they should be : 1. much longer (my application generates 64 char passwords based upon the SHA256 hash) 2. not based upon words -- this protects from any kind of dictionary attack -- which basically all the hacker attacks which attempt to reverse passwords are based upon I've just written an blog article on this recently (pulled from my blog) ==> How Hackers Crack Passwords (part 1)[^] The paradigm shift that people can't get over with C'Ya Pass is that you never have to memorize a password again and they aren't stored anywhere. They're generated every time for your use. I apologize if this sounded a bit like gratuitous self promotion, but I'm really passionate about this whole (stupid) password thing. Passwords are terrible.
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
-
using gesture or swipe input on mobiles, too hard to do some of the specials
Sin tack ear lol Pressing the "Any" key may be continuate
Typing passwords on mobile devices is the worst! That's one of the big reasons I created C'Ya Pass so you never have to type a password again. You can get the free Android version right now. This really isn't spam. It's totally related. You can read my articles here where I formulated this new idea of generating passwords that are SHA256 hashes (probably as unhackable as a password could ever be). You can also get the windows version of C'Ya Pass at my site: C'YaPass: F*orget All Your Passwords | Never Memorize A Password Again <br/> Never Type A Password Again <br/> Never Make Up A Password Again[^] I'm really not trying to be spammy. You can read all about technology behind this here at CP in my articles.
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
-
actually, they've determined that the hackers can easily replicate shoving in those few extra special characters into their password generators and they only serve to make the passwords more difficult to remember for users. The best information on passwords is that they should be : 1. much longer (my application generates 64 char passwords based upon the SHA256 hash) 2. not based upon words -- this protects from any kind of dictionary attack -- which basically all the hacker attacks which attempt to reverse passwords are based upon I've just written an blog article on this recently (pulled from my blog) ==> How Hackers Crack Passwords (part 1)[^] The paradigm shift that people can't get over with C'Ya Pass is that you never have to memorize a password again and they aren't stored anywhere. They're generated every time for your use. I apologize if this sounded a bit like gratuitous self promotion, but I'm really passionate about this whole (stupid) password thing. Passwords are terrible.
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
raddevus wrote:
more difficult to remember for users.
That's fine. So, don't make it required. My problem is they are preventing you from using a special character.
There are only 10 types of people in the world, those who understand binary and those who don't.
-
raddevus wrote:
more difficult to remember for users.
That's fine. So, don't make it required. My problem is they are preventing you from using a special character.
There are only 10 types of people in the world, those who understand binary and those who don't.
Oh, very good point. That's ridiculous that they don't allow it. What? I use my app exclusively for my own passwords and I'm always annoyed when sites tell me that I have to use a special char, because with my app my passwords now look like: 1. cf82bb8b015707c5cef11942b88bb058d3795f4dcae551e65ea72891333a1384 2. ea50612a6d5dde56c7a826cc03317e99c2f2f5547b0bd0b5e985ac27883b8242 Those are extremely strong because they are long and not based upon words. Those silly password checkers will say they are of medium complexity. :sigh: The industry has a lot to learn.
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
-
Oh, very good point. That's ridiculous that they don't allow it. What? I use my app exclusively for my own passwords and I'm always annoyed when sites tell me that I have to use a special char, because with my app my passwords now look like: 1. cf82bb8b015707c5cef11942b88bb058d3795f4dcae551e65ea72891333a1384 2. ea50612a6d5dde56c7a826cc03317e99c2f2f5547b0bd0b5e985ac27883b8242 Those are extremely strong because they are long and not based upon words. Those silly password checkers will say they are of medium complexity. :sigh: The industry has a lot to learn.
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
raddevus wrote:
Those silly password checkers will say they are of medium complexity.
Ya, sure. I was only off by one character when I tried to guess your password. :laugh:
There are only 10 types of people in the world, those who understand binary and those who don't.
-
raddevus wrote:
more difficult to remember for users.
That's fine. So, don't make it required. My problem is they are preventing you from using a special character.
There are only 10 types of people in the world, those who understand binary and those who don't.
Exactly! Why should people with real keyboards suffer because of the witless hordes whose entire life is enshrined in a hand-held device? This also implies that yes, indeed, I've noticed this. There's even a financial institution I used that doesn't allow special characters (like an underscore!) in usernames or passwords. Well - in a world that targets dumbing down as much as possible I raised my kids to be knowers-of-things (didn't let them use calculators until HS, and then, only when essential). Essentially, a greedy concept that my progeny will be lions amongst the sheep.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
raddevus wrote:
Those silly password checkers will say they are of medium complexity.
Ya, sure. I was only off by one character when I tried to guess your password. :laugh:
There are only 10 types of people in the world, those who understand binary and those who don't.
You have the fantastic ability of generating SHA256 hashes completely from memory. :) There are only more of them than there are stars in the universe so it's easy. :laugh:
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
-
I've noticed with several sites I have an account with that they no longer allow special characters in passwords. That seems like a move in the wrong direction. Special characters allow passwords to be more complex so I wonder why some are making this change. Has anyone else noticed this?
There are only 10 types of people in the world, those who understand binary and those who don't.
When people use funny characters in their password my code doesn't work
string sql = "insert into users (username, password) values ('" + TextBox19.Text + "', '" + TextBox6.Text + "')";
How can I stop users using funny characters?
-
I've noticed with several sites I have an account with that they no longer allow special characters in passwords. That seems like a move in the wrong direction. Special characters allow passwords to be more complex so I wonder why some are making this change. Has anyone else noticed this?
There are only 10 types of people in the world, those who understand binary and those who don't.
Because they want you to read your password over the phone to one of their support drones, and "special" characters make that harder to do? Because their code is vulnerable to SQLi, and they don't want you to enter a password of
Robert'); DROP TABLE Students;--? If you ask them, they'll probably tell you it's to increase the security of the site, and they'd lose their certification if they removed the restriction. (Don't bother asking what certification; they won't be able to tell you.) That'll also be the reason why they don't let you paste your password from a password manager; why they restrict the password to a maximum of 8 characters; and why the password isn't case-sensitive. :doh: Whatever the reason, it suggests they're not handling and storing your data properly, and you should probably avoid using that site. If you can't avoid it, make sure you use a unique password that you don't use on any other site, because it's almost certainly going to be stored in plain text. And if at all possible, avoid giving them any personal information, since it's going to end up on a "pastebin" dump before long.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Exactly! Why should people with real keyboards suffer because of the witless hordes whose entire life is enshrined in a hand-held device? This also implies that yes, indeed, I've noticed this. There's even a financial institution I used that doesn't allow special characters (like an underscore!) in usernames or passwords. Well - in a world that targets dumbing down as much as possible I raised my kids to be knowers-of-things (didn't let them use calculators until HS, and then, only when essential). Essentially, a greedy concept that my progeny will be lions amongst the sheep.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
And a couple I've noticed that won't allow a hyphen in an email address... :sigh: No prizes for guessing which "special character" is in my domain name?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
And a couple I've noticed that won't allow a hyphen in an email address... :sigh: No prizes for guessing which "special character" is in my domain name?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
OriginalGriff wrote:
won't allow a hyphen in an email address... :sigh:
That is bad (code word for stupid) I suppose it can get worse (polite way of saying stupider): I've a domain name ending in .info - which is rejected as invalid by a number of places. I didn't test to see what top level domains they think are real - but, well, as we well know: There's no limit to or cure for stupid.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
You have the fantastic ability of generating SHA256 hashes completely from memory. :) There are only more of them than there are stars in the universe so it's easy. :laugh:
My book, Launch Your Android App, is available at Amazon.com (only $2.99USD over 350 pages). Get my Android app on Google Play and F*orget All Your Passwords.
raddevus wrote:
There are only more of them than there are stars in the universe so it's easy
Ya, I needed a challenge after I counted all the stars. :^)
There are only 10 types of people in the world, those who understand binary and those who don't.
