To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 6413
6412  |  6414
Subject: 
 Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
Newsgroups: 
 lugnet.admin.general
Date: 
 Sun, 23 Apr 2000 12:15:53 GMT
Highlighted: 
 ! (details)
Viewed: 
 3083 times
  
In lugnet.admin.general, Todd Lehman writes:
In lugnet.admin.general, Larry Pieniazek writes:
So are you going to enforce that people HAVE to set their passwords to
things that the validator feels don't suck,

That is its purpose.

But the validator doesn't find non-sucky passwords, it just finds the least
randomised - ie, it will pass something like:
4h(i,>$s&      but fail:
4h(i,>$s&-fun

What's the point of allowing people to change from their highly randomised
default LUGNET password (because they have a hard time remembering it), if the
validator only allows something of greater randomisation?

IIRC at least one default LUGNET password failed? My LUGNET password which is
rather easy to remember.. passed with honours!

IMHO it is reasonable to impose a minimum limit of characters, impose an
alpha-numeric mix, maybe even make sure that it isn't just one word known to a
dictionary mixed with one number. But much more than that seems too
restrictive. There is also the counter-security risk - as people have to use
really complicated and random passwords, they tend to start writing them down
in places, password files etc.

Besides which, the longer it takes before users can change their passwords, the
greater chance that other people will stumble upon their LUGNET welcome pack,
which contains their password handily printed out :)

I'm not a security expert - just a user who would rather take the advice of a
password system but have ultimate personal responsibility over my password.

Richard



Message has 2 Replies:
  Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
 
(...) It's finding _more_ random passwords in a technical sense of "random". (More random = containing no sequences. Or more accurately, no part of the number follows from any other part.) I agree that the super-cool validator may be overkill for (...) (24 years ago, 23-Apr-00, to lugnet.admin.general)
  Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
 
(...) It's perfectly content to "pass" most 6- to 8- character pw's constructed by the first letter of successive words, especially if the pw includes a digit, a capital letter, or a special character. Those types of things tend to be "random" from (...) (24 years ago, 23-Apr-00, to lugnet.admin.general)  

Message is in Reply To:
  Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
 
(...) That is its purpose. --Todd (24 years ago, 23-Apr-00, to lugnet.admin.general)

309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR