nwrickert, sand groper, Premium, MVM, join:2004-09-04, Geneva, IL
reply to Daniel
Re: Big Sites That Don't Allow Complex Passwords !?!

"It's a problem because humans are better at remembering shorter passwords, ..."

The idea of remembering passwords went out the window once web sites started wanting passwords. It is unmanageable.
I keep only a very few remembered passwords. One of those is the passphrase I need to access my encrypted password database. And once one starts storing passwords in a database, there is no longer a need to keep them short.
-- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10

Daniel, Premium, MVM, join:2000-06-26, San Francisco, CA

said by nwrickert:
"It's a problem because humans are better at remembering shorter passwords, ... The idea of remembering passwords went out the window once web sites started wanting passwords. It is unmanageable."

Your argument is invalid simply because over 95% of users still do manage their own passwords. That's a guess, but it's actually probably closer to 99%. We have to solve the problems we have, not the problems we should have or wish we had.
-- dmiessler.com -- grep understanding knowledge

nwrickert, sand groper, Premium, MVM, join:2004-09-04, Geneva, IL

"Your argument is invalid simply because over 95% of users still do manage their own passwords."

I manage my own passwords. Storing them in a file, and encrypting that file is part of how I manage them.
I just checked. I have 55 entries in that file, and I shun most web sites that require passwords. Nobody can remember that many.
If they actually are trying to remember 55 passwords, then they are probably using very weak passwords and re-using the same password for many sites. And if they are doing that, they have a more serious problem than the one you suggested in your OP.
-- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10

Daniel, Premium, MVM, join:2000-06-26, San Francisco, CA

said by nwrickert:
"Your argument is invalid simply because over 95% of users still do manage their own passwords. If they actually are trying to remember 55 passwords, then they are probably using very weak passwords and re-using the same password for many sites. And if they are doing that, they have a more serious problem than the one you suggested in your OP."

Well, that is the reality we're facing. The question is, how do we mitigate some of this risk? It's a lot harder to get users to change their habits than it is to get a single site that handles millions of accounts to change theirs.
I agree it's not a real solution, but nothing in security ever is. It's about reducing risk, and if we can add ANY significant amount of complexity to the incredibly weak passwords that most people use, we'll have accomplished something. Hence my OP.
-- dmiessler.com -- grep understanding knowledge