| | Re: PW validation terms/labels
|
|
I find the labels a bit pejorative, as they impose your thinking on what level of security is appropriate on what should just be strength metrics. For example at setting 1 "lax" it fails passwords that I consider perfectly adequate for the risk (...) (25 years ago, 5-May-00, to lugnet.admin.general)
|
|
| | Re: PW validation terms/labels
|
|
(...) OK, fair enough. Labels gone. Just pure numbers in the drop-down list now. (...) The label covers (covered) what the setting allows in the worst-case. If you poke around enough (or, as I've done, run scripts internally that hammer on it to (...) (25 years ago, 5-May-00, to lugnet.admin.general)
|
|
| | Re: PW validation terms/labels
|
|
(...) Perhaps part of the problem is the relative weights attached to various elements of strength of passwords. I would generally agree that a 4 character password should not be accepted (of course I suspect most of us have a significant amount of (...) (25 years ago, 5-May-00, to lugnet.admin.general, lugnet.off-topic.debate)
|
|
| | Re: PW validation terms/labels
|
|
(...) For the average person or script kiddle to crack a 4-digit PIN via brute force, they'd have to: (1) first actually get someone's card; and then (2) manually try out up to 10,000 combinations, and IIRC, ATM's are programmed to eat cards after a (...) (25 years ago, 5-May-00, to lugnet.off-topic.debate)
|
|
| | Re: PW validation terms/labels
|
|
(...) (1) is certainly true, (2) is mostly true (there are many ATMs, including ones in stores which can not eat cards, and probably don't alert the cashier to take the card [possibly dangerous if the person using the card is a real criminal]). (...) (25 years ago, 5-May-00, to lugnet.off-topic.debate)
|
|
| | Re: PW validation terms/labels
|
|
(...) oh! OK. I totally totally totally agree with that! --Todd (25 years ago, 5-May-00, to lugnet.off-topic.debate)
|