I don't get it? All I see is "secured by the password ********"
Weird. My password is ********.
Can anybody else try it with their passwords to see if they're being masked as well?
My password is WymynAreTrash69.
Watch some idiot try it.
We all know your password is WomenAreTrash6969
You're not fooling anyone.
In case you've never heard of it: https://knowyourmeme.com/memes/hunter2
Bash.org: there's a site I haven't thought about in a long time.
jesus christ don't spread that around, then people will find out where I steal all of my material from
omg really? that is amazing
Reality needs to be rebooted.
God really is a shitposter.
YOU DIDN'T EVEN INCLUDE A SPECIAL CHARACTER
Hunter is a special character.
Anyone still including special characters is behind the curve frankly. Working in Cybersecurity it pisses me off when anything enforces the special character requirement. It adds no security but plenty of inconvenience.
Well, sure, but I was under the impression that pass phrases that were dozens of characters long were better than passwords. That being said, I've seen almost no institution using anything but your generic 8-16 character, 1 number, 1 capital, 1 special character, none of the past 4 passwords, password template.
I think there's issues with some of the older legacy Windows systems that will straight up truncate anything past 16 characters, so that could be contributing to the issue.
Getting people to move away from old habits is a long and painful process in IT, particularly if the IT folks aren't the ones with decision making authority.
I wonder what the limit is in Active Directory.
So the XKCD comic was right when it said you should use a long compound word like "horsebatterystapler" for a password?
No. It does not seem to me that three words would be sufficient. However, uncommon phrases are rather good, and even better when combined with special characters.
E.g.
$%Antonio the KiA2 (user is a giant faggot)
This is close to uncrackable using traditional methods. First of all, KiA2 is not going to be present in any passwords that are now known. Secondly, if by some chance all these characters are present in some dictionary used by the cracker, then the random special characters will make it exponentially more difficult anyway.
Of course it was. Adding a special character only increases complexity slightly by adding a few extra permutations to check for each character. Adding extra characters increases complexity by orders of magnitude.
Create a password that's twenty characters long but easy to type and remember and it will never get brute forced. The way passwords actually get popped isn't by brute force attempts to authenticate with every permutation anyway. Far more likely that you get popped by a keylogger or something that pulls the password hash from memory, or an authentication token getting intercepted. No one's getting into your account by guessing your password, that's old tech. Making passwords include a bunch of special characters is nothing more than security theater for the masses.
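An added example, not part of the thread: the search-space arithmetic behind the length-versus-special-characters argument above, including an exact count of the passwords that a "1 number, 1 capital, 1 special character" rule still allows. The 7776-word list size and the premise that passphrase words are picked uniformly at random are assumptions of this example.

```python
import math
from itertools import combinations

# Printable-ASCII character classes; only their sizes matter for counting.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}
ALL = tuple(CLASSES)


def count_passwords(length, allowed=ALL, required=()):
    """Number of strings of `length` over the `allowed` classes containing at
    least one character from each class in `required` (inclusion-exclusion)."""
    full = sum(CLASSES[c] for c in allowed)
    total = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            alphabet = full - sum(CLASSES[c] for c in missing)
            total += (-1) ** k * alphabet ** length
    return total


def bits(n):
    """Search-space size in bits; one extra bit doubles the guessing work."""
    return math.log2(n)


def passphrase_bits(words, wordlist_size=7776):
    """Bits for `words` drawn uniformly at random from a word list.
    7776 is an assumed Diceware-style list size, not a figure from the thread."""
    return words * math.log2(wordlist_size)


def compare():
    """Bits of brute-force work for the schemes discussed in the thread."""
    rule = ("upper", "digit", "special")
    return {
        "8 chars, lowercase only": bits(count_passwords(8, ("lower",))),
        "8 chars, letters+digits": bits(count_passwords(8, ("lower", "upper", "digit"))),
        "8 chars, all classes allowed": bits(count_passwords(8)),
        "8 chars, upper+digit+special required": bits(count_passwords(8, ALL, rule)),
        "20 chars, lowercase only": bits(count_passwords(20, ("lower",))),
        "3 random words": passphrase_bits(3),
        "4 random words": passphrase_bits(4),
    }


if __name__ == "__main__":
    for scheme, b in compare().items():
        print(f"{scheme:40s} {b:6.1f} bits")
```

These figures only describe uniformly random choices; a phrase a person makes up, or a quotation, has far less entropy than its length suggests.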
I'malumberjackandi'mokay,IsleepatnightandIworkallday.
^ Impenetrable.
Whoa! He could have gotten several nights with a top-notch call girl for that amount.
He's paying for the convenience. Also the audience.