Subject: Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
Newsgroups: lugnet.admin.general
Date: Wed, 26 Apr 2000 02:29:40 GMT
Viewed: 2622 times

In lugnet.admin.general, Todd Lehman writes:
> Not sure what/if you are insinuating between the lines there, or whether I
> should feel insulted by that comment, but having a password validator that
> doesn't suck is IMHO a fundamental prerequisite to allowing passwords to be
> changed. Anything less is irresponsible. (Yes, I know, allowing too much

I haven't posted with respect to this in a while, but I would like to say that
if you use this current validator to validate what people can choose for
passwords you might as well just not use it and keep sticking people with the
ones you are now.

I've fed it almost every password I've ever used, some of which took more than
a day on a P2 for l0phtcrack to brute-force, and it failed them all.

It's a neat toy - it's fun to throw things that are purely random at it and
have it spit back how worthless as passwords they are. But it's insanely
picky, with the emphasis being on the insanely part.

I've got a password or three now that it passes, taking a tip from your "first
letter of each word of a sentence" comment. But I don't see them as any
better than the multitude it failed.

But I have no desire to argue overmuch about this. You do what you want, but
you need to keep in mind that as LUGNET grows and as you hope to attract more
and more people, ultimately benefiting both the community and you, you could
possibly be sticking those willing to *pay* to be members with a password
system that is about a million times more restrictive than the ones they use
to buy with credit cards and access their bank accounts every day. I wonder
how many people will find the services worth the trouble?

Message has 2 Replies:

Re: PW validation terms/labels
I find the labels a bit pejorative, as they impose your thinking on what level of security is appropriate on what should just be strength metrics. For example at setting 1 "lax" it fails passwords that I consider perfectly adequate for the risk (...) (25 years ago, 5-May-00, to lugnet.admin.general)