charon_x (Member, 15 Points, 9 Posts) | Password Strength | Sep 25, 2008 06:06 PM
I just wanted to say that I think it's silly to have requirements on the password I use at a forum site. Is the fear that someone might crack my password and post as me? I hope it doesn't expire every 30 days and force me to create another new one. /sarcasm
bullpit (All-Star, 21838 Points, 4822 Posts) | Re: Password Strength | Sep 25, 2008 06:14 PM
There has been outcry for this quite a few times. Here is just one of them: http://forums.asp.net/t/1322974.aspx
Max
Let Me Google That For You!
charon_x (Member, 15 Points, 9 Posts) | Re: Password Strength | Sep 25, 2008 06:31 PM
Thank you. Reading that at least reminded me that I should have also said in my first post, "Thank you for hosting a great site."
bullpit (All-Star, 21838 Points, 4822 Posts) | Re: Password Strength | Sep 25, 2008 06:36 PM
[Yes] Kudos to all involved...
Max
Let Me Google That For You!
tmorton (All-Star, ASPInsiders, Moderator, 56556 Points, 9751 Posts) | Re: Password Strength | Sep 25, 2008 07:09 PM
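charon_x: "I just wanted to say that I think it's silly to have requirements on the password I use at a forum site."
I think this is a "we can't win" situation. If we have weak password requirements, there will be those who point at the site and say "Microsoft sucks, they don't even use their own recommended password practices." And with the stronger password requirements we have on the site now (6+ characters, including one upper, one lower, and one number), we see complaints that it's too stringent for a community site.
charon_x: "Is the fear that someone might crack my password and post as me?"
That's part of it. Part of it is that someone could crack a moderator's or admin's password and do some damage.
charon_x: "I hope it doesn't expire every 30 days and force me to create another new one."
Nope. :-)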
ASP.NET/IIS.NET Website Manager, Neudesic
fordag (Member, 4 Points, 2 Posts) | Re: Password Strength | Mar 19, 2009 12:44 AM
I agree first that the site is very useful; lots of people here to help folks out, which is great.
I also think the password requirement is way over the top, especially for a basic community forum. I understand the need to keep moderator's and admin's passwords secure. My suggestion is give basic forum members normal password requirements and have the mods/admins stick to the higher level password scheme.
I'm glad your password doesn't expire every 30 days, otherwise I'd only have a 30 day membership. :)
gerrylowry (All-Star, 20577 Points, 5721 Posts) | Re: Password Strength | Mar 21, 2009 11:53 PM
I strongly disagree with simplifying the passwords.
Examples: A5pNet
1U1l1n
How hard is that? (rhetorical)
I've probably more than 200 of my own passwords in my head.
Compare: https://www.grc.com/passwords.htm 63 random printable ASCII characters:
xxzqR,bi)MWZ0\ku@6s4JNV?B*"EyH?B_l~md6I~A(E2VjW15{z|%zQLNC<b?jb
Frankly, 1U1l1n is too weak but it will likely suffice.
Personally, Microsoft's recommendations are reasonable and only six is a kindness.
The only problem with the password policy which is discussed frequently here
is that first you have to enter a password that gets rejected in order to see the
policy. The policy should be shown up front. There would probably be fewer complaints
about it if it were shown up front.
If the policy were any one or more character(s), I would still use a strong password.
We are I.T. professionals here and we need to lead by example.
Regards,
Gerry (Lowry)
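An added example, not part of the thread or of the site's code: the policy quoted above (6+ characters, one upper, one lower, one number) written as a single rule table that produces both the text to show up front and the rejection reasons, plus an upper-bound estimate of guessing work for the passwords mentioned in the thread. The function names and the uniform-random assumption behind the estimate are this example's own.

```python
import math
import string

# Policy as stated in the thread: 6+ characters with at least one
# upper-case letter, one lower-case letter and one number.
RULES = [
    ("at least 6 characters", lambda p: len(p) >= 6),
    ("an upper-case letter", lambda p: any(c in string.ascii_uppercase for c in p)),
    ("a lower-case letter", lambda p: any(c in string.ascii_lowercase for c in p)),
    ("a number", lambda p: any(c in string.digits for c in p)),
]

def policy_text():
    """Text to display next to the password field before the first attempt."""
    return "Password needs: " + ", ".join(text for text, _ in RULES) + "."

def unmet_rules(password):
    """Return the rule descriptions the password fails (empty list = accepted)."""
    return [text for text, check in RULES if not check(password)]

# ASCII character classes used for the estimate below.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def search_space_bits(password):
    """Upper bound on guessing work in bits: length * log2(alphabet size).

    Assumption: every character is drawn uniformly at random from the
    classes that appear in the password. Human-chosen passwords such as
    acronym-plus-year are far more predictable than this bound suggests.
    """
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def report(passwords):
    """(password, unmet rules, bits rounded to 1 decimal) for each input."""
    return [(p, unmet_rules(p), round(search_space_bits(p), 1)) for p in passwords]

if __name__ == "__main__":
    print(policy_text())
    # The first three are the examples from the thread; "password" is a
    # constructed failing input.
    for row in report(["A5pNet", "1U1l1n", "Mhall2009", "password"]):
        print(row)
```

Because the displayed policy and the validation come from the same table, they cannot drift apart, and a rejected password gets the specific rules it missed rather than a generic error.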
frankClooter (Member, 9 Points, 9 Posts) | Re: Password Strength | Mar 22, 2009 12:13 AM
I just joined. No big deal to me except not knowing up front about your U + l + 1 and >= 6 rule.
I agree with previous post. We need to practice our preachings.
FC
SGWellens (All-Star, Moderator, 126033 Points, 10311 Posts) | Re: Password Strength | Mar 22, 2009 01:18 AM
Hold on there cowboy. If the password requirements are simplified, it doesn't mean you are forced to use a simple password. You can still use as complex a password as you wish.
Currently everyone is forced to use a complicated password and they might not want to or need to. This isn't NORAD. This isn't a bank. I'll wager that more data/productivity/time/money has been lost to excessive security than to hackers. Most people can't remember 10 passwords so they write them down and are less secure....which is the opposite of what complicated passwords are intended to do.
gerrylowry (All-Star, 20577 Points, 5721 Posts) | Re: Password Strength | Mar 22, 2009 02:20 AM
Hello Steve ... probably because today is World Poetry Day*,
you've decided to read between my lines.
Nuthin's thair, Wellens! B-)
Prob'ly cause 'ur a romantic,
you think I'm a cowboy.
Not true of course ...
don't get frantic ...
Gerry owns no horse.
Steve, believe: I was not implying that a simple password should be
used; I was simply demonstrating that one can craft
if she/he so desires, a short, memorable password
that complies with the stated (albeit delayed) rules.
TIMTOWTDI** applies to passwords too.
Example: first letter of each word of your favourite poem:
Mary had a little lamb
That's not complicated. Mhall2009 satisfies the policy.
Regards ............... Gerry (Lowry)
* http://portal.unesco.org/en/ev.php-URL_ID=37173&URL_DO=DO_TOPIC&URL_SECTION=201.html
** From the Perl community: "There is more than one way to do it."