 | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Richard Franks
|
| | (...) But the validator doesn't find non-sucky passwords, it just finds the least randomised - ie, it will pass something like: 4h(i,>$s& but fail: 4h(i,>$s&-fun What's the point of allowing people to change from their highly randomised default (...) (25 years ago, 23-Apr-00, to lugnet.admin.general) !
|
| | |
| |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Matthew Miller
|
| | | | (...) It's finding _more_ random passwords in a technical sense of "random". (More random = containing no sequences. Or more accurately, no part of the number follows from any other part.) I agree that the super-cool validator may be overkill for (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Richard Franks
|
| | | | | (...) Yup - you're right - my squiff (I meant *more*) :) (...) I'd be happy with a user-responsible password for membership logins (ie 90% of membership use including posting privilidges), but with authorisation through a LUGNET-validated password (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | |
| | | | |  | | (canceled) Larry Pieniazek
|
| | | | | | |
| | | | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) John Matthews
|
| | | | | | | I can't believe that Larry posted this twice (accident maybe, maybe not). I am with Larry on this one. This is a problem that requires a simple solution. Please do not confuse simple with simplistic. It is a complicated problem; the solution, while (...) (25 years ago, 24-Apr-00, to lugnet.admin.general)
|
| | | | | | | |
| | | | | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Larry Pieniazek
|
| | | | | | | (...) It was an accident and I would appreciate the first one being cancelled. There is a difference in phrasing of less than 1% between the first and second, but it's crucial. (...) I appreciate the support but I don't actually agree with John. At (...) (25 years ago, 24-Apr-00, to lugnet.admin.general)
|
| | | | | | | |
| | | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Larry Pieniazek
|
| | | | | | (...) a (...) I wouldn't. Look. I've read through the plan several times. There is nothing there that needs this *insane* level of protection. Nothing. Really. We are *not* talking missile lanuch codes here, people. Two levels of passwords is (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | | |
| | | | |  | | Re: PW validation Todd Lehman
|
| | | | | (...) Ya, sorta... But not so much two different states of logins as two tiers of passwords which would both be required (only if you wanted it that way) before you'd be considered actually logged in. In other words, you could give two passwords (...) (25 years ago, 24-Apr-00, to lugnet.admin.general)
|
| | | | | |
| |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Todd Lehman
|
| | | | (...) It's perfectly content to "pass" most 6- to 8- character pw's constructed by the first letter of successive words, especially if the pw includes a digit, a capital letter, or a special character. Those types of things tend to be "random" from (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Richard Franks
|
| | | | (...) Maybe I'm just miffed because it failed *all* of the passwords I use? :) If I did anything that even remotely required great security that would be a problem I guess! (...) *mumble*mumble* Look over there - a MISB Galaxy Explorer! (...) It's (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Eric Joslin
|
| | | | | (...) Me too. I mean, I'm not miffed (I have *much* better things to get miffed about) but it did fail, without exception, every password I have ever used. (...) I do. And the things I apply them to have checks for weak passwds. I suspect that they (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | |
| | | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Eric Joslin
|
| | | | | | (...) In a row. Very important phrase I left out. (...) eric (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | | |
| | | |  | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Todd Lehman
|
| | | | (...) Are there any that it gave between 0% and 100% to? (i.e., not < 0% ?) (...) Eeek -- no! -- locking people out on a failed login attempt would certainly negate the danger of a brute-force of attack, but it would make an entirely new type of (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |