What's the third letter of the second name of your great great great great grandson divided by two?
-
Yeah - DoD password requirements are oppressive. A study was done a number of years ago regarding password complexity. The finding was that as complexity increases, security is reduced - because people have to write their passwords down in order to remember them, thus completely defeating the security that the demanded complexity affords. I got you beat though - along with the complexity requirements (at least 16 characters, no more than three consecutive letters or numbers, must include numbers, a mix of upper and lower case letters and special characters, no group of letters can create a word, and every time you change it, it can't be more than 50% similar to one of the last 10 passwords you used), my employer forces a password change every 15 days. This is done for our time sheet app. I mean seriously - WTF!? My strategy is to simply create a GUID in Visual Studio and submit it until one passes their absurd validation, and then save it in a text file.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
-
Pick a word (eight characters?), convert it to base-64, done.
-
That's not very secure, you old fool! ;)
Best, Sander Continuous Integration, Delivery, and Deployment arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
Are you my great great great great great grandson? I lose track.
User: Technical term used by developers. See Idiot.
-
I have to login to a government site and I can set up password recovery. They need my email and a secret question and answer. I get to pick from four pre-defined questions, but they are so difficult that even I can't answer them! The easiest is the expiration date of my drivers license, but that will change once it expires and of course I won't remember what it was when I get my next drivers license. Another one is my client number of my electricity company, that only changes every year when I switch company... The answers to the questions are so hard I am literally forced to write them down somewhere (and keep copies and backups). Great job government, this will make everything so much more secure! :~ I'll just not set up password recovery and hope I'll remember this password to a service I need once or twice a year...
Best, Sander
What does dividing a letter by two even mean? As a developer I'd think of its ASCII integer value, but mere mortals wouldn't be asked that question. Its position in the alphabet? For odd-numbered letters, do you then round up, or down? (Once again, I'm probably overthinking this, and it wasn't the point to your post anyway...) The problem with these "secret questions" is that the answer isn't always necessarily difficult to answer. Wasn't there a well-publicized case a few years ago of some government official who managed to get some hacker to successfully go through an email password reset procedure, because all of the questions could be googled (like what high school did he go to, or the name of his dog, all of which he had answered at one point or another in various interviews or they were part of his page on Wikipedia...)? Of course being a "nobody" myself, I don't have to worry about that aspect, but still - when I'm asked these questions for an important site, the answer I provide is as long and complex and non-memorable as the output of a password generator. Which defeats the "easy to answer" purpose of these questions, but I believe those are a bad idea to begin with.
-
I have the choice to do it easy, by email. Or I can do it the hard way, visiting them at their physical address. That's not really a choice to me :laugh: Haven't you heard, your snail mail is now delivered with super secure SHA-512 encryption! :laugh:
Best, Sander
-
The mailman will read it out loud at the door :D
Best, Sander
-
dandy72 wrote:
What does dividing a letter by two even mean?
Exactly, pretty impossible to answer the question, right? Let alone how you would know the name of your great great great great grandson because most people don't live that long ;) And then there are the assumptions that all those generations will have children, that specific generation will have a boy and he'll have at least two names with the second having at least three letters. That was kind of my point, those questions are impossible to answer :laugh: Funny how you were only wondering about the dividing a letter part though :laugh:
Best, Sander
-
I just provide the same answer to all those questions. I need remember only one thing. And it's very memorable.
Yeah, that's probably a better "question", a second password that you never use in case you lose your first. Because that's basically what it is :~
Best, Sander
-
Are you my great great great great great grandson? I lose track.
User: Technical term used by developers. See Idiot.
Don't think so, as my grand grand grand grand grandpa isn't on the internet :D
Best, Sander
-
Just use Keepass, or another keeper, and use their algorithm supplied passwords for those 'questions.' Far more secure, if security is your wish.
-
Who on Hell would want to divide his great great great great grandson by two? That would be gross.
"I'm neither for nor against, on the contrary." John Middle
-
Don't provide real answers. Just put in a password, so to speak, as the answer. All this password stuff is so ridiculous it actually makes things less secure.
Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.
-
My philosophy : correct horse battery staple.
-
Many years ago I got the following message from our corporate domain: New password should be at least 4294967295 symbols length and differ from previous 65535 passwords.
-
In the U. S. of A, many financial institutions have been using this for some years. Often having as many as five such questions so you could be asked for any one or more of them. As a rule, I don't give real answers - but rather something deducible from an algorithm (in my head only - hacking that would be a bloody mess - as you French well know). Why the algorithm? Well - it turns out that all of these places are now accumulating even more personal information about you that only you should know. Even more candy for that inevitable day they get hacked. My (US) government run sites validate by sending me a key via email - so someone needs to know where I get their email. On one site, passwords are entered via mouse on a little online keyboard - so it cannot be key-logged (they change the references every time).
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
You don't have to give a "true" answer to the security questions. You just have to give an answer you remember. When does your drivers license expire? On your birthday in 2028. What's your electric company's account number? 12345. And the best way to keep it all straight - a password manager program like KeePass.
-
Sander Rossel wrote:
For that reason we have the policy that your new password must be at least x% different from your old password... X|
Which is another security flaw as it would imply that the passwords are saved in an encrypted format at best. If the passwords were hashed (with or without a salt) there would be no way (other than brute force guesses without taking into account collisions) to compare the new password to the old password.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
I once created a really long password using all the allowable characters. When it came time to change it, the new password was rejected because it had too many of the same characters as the previous one. If the sysadmin had not been able to override that rule, I'd never have been able to use that system again.
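The storage question raised in the two posts above, as an added example (not code from the thread or from any poster): when only salted hashes are kept, a change form can detect exact reuse of an earlier password, and can measure similarity only against the current password, because the user types that one in. The PBKDF2 parameters, the 0.5 threshold, the function names and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from difflib import SequenceMatcher

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is ever stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def similarity(a, b):
    """Ratio in [0, 1]; needs both plaintexts, so it cannot run on digests."""
    return SequenceMatcher(None, a, b).ratio()


def check_change(history, old_password, new_password, max_similarity=0.5):
    """history: list of (salt, digest) records, newest last. Returns (ok, reason)."""
    if not history or not verify(old_password, history[-1]):
        return False, "old password incorrect"
    # Exact reuse is detectable from hashes alone: re-hash with each stored salt.
    if any(verify(new_password, record) for record in history):
        return False, "exact reuse of a stored password"
    # Similarity is checkable here only because the form supplied old_password.
    if similarity(old_password, new_password) > max_similarity:
        return False, "too similar to current password"
    return True, "accepted"


def demo():
    # Constructed sample passwords; the first is the older one, the second is current.
    history = [hash_password("tangerine-Orbit-41"), hash_password("velvet#Canyon_77")]
    current = "velvet#Canyon_77"
    return {
        "one char off current": check_change(history, current, "velvet#Canyon_78"),
        "exact older password": check_change(history, current, "tangerine-Orbit-41"),
        # One character away from the OLDER password: hashes cannot reveal that.
        "one char off older": check_change(history, current, "tangerine-Orbit-42"),
        "wrong old password": check_change(history, "not-it", "anything-else-9"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case is accepted: a rule such as "not too similar to any of the last 10 passwords" cannot be evaluated against stored digests, so a system that enforces it is keeping something recoverable.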
-
I just go to: HackedUSGOVTPasswords.com and look my password up by my government UserID. :) :) :)
-
Does it really matter what answer you give? I mean, if you chose the utility company client id, couldn’t you just give them a bogus number, and log that in your password manager’s notes? It’s not likely that they’ll contact the utility to make sure you’re not lying. :)
Mark Just another cog in the wheel
-
Most of these are just "memory triggers" ... You can say your mother's maiden name is "Snuff" ... They don't actually reject your "secret word" (unless it's too short; etc) or "come after you". The funny thing is people honestly trying to answer these "nonsense" questions (I did) ... since "id theft" would be all that's needed to crack your "secret words". (I used my "pet's name" when I didn't even have a pet).
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal