| | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Mike Stanley
|
| | (...) I haven't posted with respect to this in a while, but I would like to say that if you use this current validator to validate what people can choose for passwords you might as well just not use it and keep sticking people with the ones you are (...) (25 years ago, 26-Apr-00, to lugnet.admin.general)
|
| | |
| | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Todd Lehman
|
| | | | (...) Thanks for the above data points. How badly did it fail them by? Did you catch this post from Monday?-- (URL) threshold number was below the all the number returned for the ones you tried that it failed? Would a threshold of, say, 50 (instead (...) (25 years ago, 26-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Mike Stanley
|
| | | | | (...) Pretty badly - I know they were all worthless. I didn't really pay attention to the numbers. I think they were as low negatively, though, as the "first letter from each word in a sentence" was positively, though. (...) I think they were all < (...) (25 years ago, 26-Apr-00, to lugnet.admin.general)
|
| | | | | |
| | | | Re: PW validation terms/labels Larry Pieniazek
|
| | | | I find the labels a bit pejorative, as they impose your thinking on what level of security is appropriate on what should just be strength metrics. For example at setting 1 "lax" it fails passwords that I consider perfectly adequate for the risk (...) (25 years ago, 5-May-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation terms/labels Todd Lehman
|
| | | | (...) OK, fair enough. Labels gone. Just pure numbers in the drop-down list now. (...) The label covers (covered) what the setting allows in the worst-case. If you poke around enough (or, as I've done, run scripts internally that hammer on it to (...) (25 years ago, 5-May-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation terms/labels Frank Filz
|
| | | | (...) Perhaps part of the problem is the relative weights attached to various elements of strength of passwords. I would generally agree that a 4 character password should not be accepted (of course I suspect most of us have a significant amount of (...) (25 years ago, 5-May-00, to lugnet.admin.general, lugnet.off-topic.debate)
|
| | | | |
| | | | | | Re: PW validation terms/labels Todd Lehman
|
| | | | (...) For the average person or script kiddie to crack a 4-digit PIN via brute force, they'd have to: (1) first actually get someone's card; and then (2) manually try out up to 10,000 combinations, and IIRC, ATMs are programmed to eat cards after a (...) (25 years ago, 5-May-00, to lugnet.off-topic.debate)
|
| | | | |
| | | | | | Re: PW validation terms/labels Frank Filz
|
| | | | (...) (1) is certainly true, (2) is mostly true (there are many ATMs, including ones in stores which can not eat cards, and probably don't alert the cashier to take the card [possibly dangerous if the person using the card is a real criminal]). (...) (25 years ago, 5-May-00, to lugnet.off-topic.debate)
|
| | | | |
| | | | | | Re: PW validation terms/labels Todd Lehman
|
| | | | (...) oh! OK. I totally totally totally agree with that! --Todd (25 years ago, 5-May-00, to lugnet.off-topic.debate)
|
| | | | |