Neat holding experiment

Oh, come on. You can't really believe that micro$oft, et al., are really increasing security by making you find a unique password (to them) every 6 months....

This obviously creates a weak password through normalization of passwords to every different place you use them...or a strong password that is beyond the capacity of ordinary memory to keep it unique, unrecorded, and complex.

If you don't have this problem, you have a "poor" password. If you do have this problem, it's recorded or normalized....and the worst thing is this is the "password paradox" entirely foreseeable, and entirely foreseen.

Exactly the problems I run into...

Nuh uh. When it comes to complex passwords protecting my money, I will remember the 12 character password with the required capital, 2 numbers, 2 specials and the extra umlaut on the 5th character from the right once-removed.

When your life depends on remembering something, you will remember it in great detail. Not a difficult concept. *shrugs*

My life doesn't depend on the 1200$ here or there I risk losing and/or having to jump through hoops to recover (as this guy did).
 
Exactly the problems I run into...



My life doesn't depend on the 1200$ here or there I risk losing and/or having to jump through hoops to recover (as this guy did).
Indeed. The guy in the article should just do a simple 8 character password with at least one capital, number and special.

That combo comes out to something like 10^400 possibilities or some crazy thing. Not a password that will be broken on three tries before the host site locks you out. Ugh!
 
Indeed. The guy in the article should just do a simple 8 character password with at least one capital, number and special.

That combo comes out to something like 10^400 possibilities or some crazy thing. Not a password that will be broken on three tries before the host site locks you out. Ugh!

I just do unknown phrases and mix different languages now.
 
Nuh uh. When it comes to complex passwords protecting my money, I will remember the 12 character password with the required capital, 2 numbers, 2 specials and the extra umlaut on the 5th character from the right once-removed.

When your life depends on remembering something, you will remember it in great detail. Not a difficult concept. *shrugs*
Sorry, no. New passwords every 6 months undermines the association that may make a unique password for every site reasonable...In practice it normalizes passwords between sites.

But the normalization of passwords is problematic...reusing the same patterns, using readily available info (birthdays, partial SSNs, etc). But it's impossible to do this uniquely for each password...at best you can hold one password paramount (and thus undermine the rest).

We know from experience that the vast majority of people can maintain phone numbers of many people...a point forgotten with the advent of the very same technology that supposedly simplifies communication....but when that changes every X months, on every site I go to, the effect is to undermine passwords.

The problem is password "security" occurs in a vacuum where only that password exists (and in no other site), and it's obvious that both remembering and not recording are ignored...and that changing passwords every X months compounds the problem...
 