-
August 23rd, 2010, 09:30 AM
#16
What drives me nuts is that sites have their own rules. I have a PW at one site that must be limited to 10 characters! Another must be between 6 - 12 characters. Yet another doesn't allow special characters. Let's have some standardization here!
What's ironic is that some of the financial/banking websites have restrictions on PW length. You'd think they'd be more emphatic about requiring longer ones.
The weirdest issue on this was for the site which required between 6 - 12 character PWs. I either didn't notice that or they hadn't clearly stated this, but I had created a PW longer than 12 characters. But the site only accepted the first 12 characters and just ignored the rest. So I was happily using it typing in all the characters of my PW even though everything after 12 was being ignored. When they created a mobile version, I couldn't get into it at all. After much wrangling, we realized that the mobile site for whatever reason DID accept more than 12 characters so my longer PW was detected incorrect!
My equipment:
Acer Aspire AX3300-U1322 Desktop (sorry didn't build this time!), 4Gb RAM, AMD Athlon II quad core CPU
-
August 23rd, 2010, 09:58 AM
#17
Originally Posted by NickC
What drives me nuts is that sites have their own rules. I have a PW at one site that must be limited to 10 characters! Another must be between 6 - 12 characters. Yet another doesn't allow special characters. Let's have some standardization here!
What's ironic is that some of the financial/banking websites have restrictions on PW length. You'd think they'd be more emphatic about requiring longer ones.
The weirdest issue on this was for the site which required between 6 - 12 character PWs. I either didn't notice that or they hadn't clearly stated this, but I had created a PW longer than 12 characters. But the site only accepted the first 12 characters and just ignored the rest. So I was happily using it typing in all the characters of my PW even though everything after 12 was being ignored. When they created a mobile version, I couldn't get into it at all. After much wrangling, we realized that the mobile site for whatever reason DID accept more than 12 characters so my longer PW was detected incorrect!
I agree with all of that! Apart from the idiotic requirements and total lack of consistency of some sites, nobody ever seems to ask whether a login is even required at all. Being made to login when all you can do is browse articles at the end is ridiculous
Nick.
-
August 23rd, 2010, 10:36 AM
#18
The article I linked to in a previous post is not about the "best" security but about "practical" security. For example, if VDr required a 12 character password I would never have joined. According to the Cambridge University study I am typical and VDr would probably have failed from lack of participation. On the other hand, there are sites which should require a minimum of 12 characters. Standardize? It'll never happen, and that's good.
There is another issue that I never see mentioned. Only a few English speaking countries use the 8 bit ASCII character set. Translation between character sets (most of which use 16 or more bits per character) is common on the Internet (that's why you sometimes see apostrophes replaced by weird characters). I am not aware of this being an issue with passwords, so far, but in time it will be. One more reason to avoid the use of special characters in passwords.
-
August 23rd, 2010, 12:42 PM
#19
I agree. When I said standardization, it doesn't have to mean a specific # of characters. It's okay to make it a range. But if we lean towards "longer is better" then shouldn't the range be expanded? e.g. 6 - 24 characters. Then it's up to the user what length they want to feel secure.
Or regarding the issues of special characters - in addition to the difficulty of implementing them, I have yet to see any definitive answer as to why it makes a password more secure. e.g., if I have a 15 character password, all lower case, which is virtually impossible to guess (no names or anything specific to me), then is this any more secure if I include some special characters, numbers, or capital letters?
If not, then why do so many sites insist that these MUST be added? Maybe catering to the ordinary person who's likely to use a first name, etc. as a password...
My equipment:
Acer Aspire AX3300-U1322 Desktop (sorry didn't build this time!), 4Gb RAM, AMD Athlon II quad core CPU
-
August 23rd, 2010, 01:12 PM
#20
Special characters are usually required because if you don't require them, most users will use real words that are vulnerable to a dictionary attack.
-
August 23rd, 2010, 09:21 PM
#21
Some sites like my cell phone site only allow 4 digit pins for logging in; this irritates the heck out of me, and is very insecure imo. It also drags my psw score down to 93.5 at LastPass security check site. I don't care for sites that only allow 4-10 characters for log in, and will use PayPal to pay at those sites, as it is far more secure.
-
August 24th, 2010, 12:25 AM
#22
Four digit PINs are used for debit/credit transactions at ATMs and POS terminals. They are reasonably secure because the card issuer locks out access after three consecutive incorrect PIN entries. You have to contact the issuer and identify yourself to unlock the account.
Perhaps your phone service uses a similar system.
-
August 24th, 2010, 01:20 AM
#23
Originally Posted by SuperSparks
Apart from the idiotic requirements and total lack of consistency of some sites, nobody ever seems to ask whether a login is even required at all. Being made to login when all you can do is browse articles at the end is ridiculous
This is how I ended up with about 150 PW's in LastPass, many of which are newspaper, magazine, computer tech sites and such. And each registration requires your replying to an email to activate your account. Read part of the article, and it's quite interesting.
Last edited by foxy; August 24th, 2010 at 01:30 AM.
Win7 Ult/ 3.40 GHZ Intel Core i5-3570K /ASRock mobo Z77 Pro4 /SSD/ EUFI MS 3400 MHZ/8 GB RAM; Win 7 Ult/Verizon FIOS wired network
Waterfox Classic/Chrome / Firefox 115esr
--------------------------------------------------------------------------------
"The medium is the message." - Marshall McLuhan
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|