Your Password must be at least 10 characters long.
Your Password must contain at least one upper-case character.
Your Password must contain at least one number.
Your Password must contain at least one of the following special characters: - () . & @ ? ' # , / " +
Wait a second... if all password required services start using these requirements, doesn't that essentially make using those precautions useless, as the password crackers can eliminate passwords that don't contain them?
Yes, and actually many people will put these special required characters at a specific location that is the same for most other people as well, e.g. at the end or beginning of their password
>Your Password must be at least 10 characters long.
>Your Password must contain at least one upper-case character.
>Your Password must contain at least one number.
>Your Password must contain at least one of the following special characters: - () . & @ ? ' # , / " +
just write it down on the post-it note, and put it up on your monitor
>Isn't more length = more secure, and the rest is just bullshit?
Yes and No, it can't have a pattern. If your password is a sentence on wikipedia then it can be cracked.
But in general long = good.
The thing is most of the time they give you other specific criteria to fill that just make it easier for crackers to attack
>can't have more than 2 repeating characters (aaa, 111)
>can't have sequential characters (abc, 123)
It starts negating some of the benefits of a longer password because just those two things cut down on a fucklord of passwords needed to be tried for a brute force attack
And a lot of the times people just use the minimum character count needed so I'd say 70% of the time they'll only need to run through the entire combination of 8 character passwords with
1) At least one capital letter
2) At least one number
3) No repeating
4) No sequential
Someone needs to go through the numbers and see if forcing these criteria adds too much advantage to an attacker
>your password must be less than 8 characters long
>your password cannot contain special characters
>all passwords are case-insensitive
This is my fucking bank. They treat HELLO and hello the exact same when you input your password.
how about the obvious ones
>keeping all your passwords in the same place
>trusting closed source software with your fucking passwords
you would be more secure with something like truecrypt, where you keep a small encrypted volume with a text file of your saved passwords. i wouldn't do this, but it is a much better solution. memorize your fucking passwords, even long ones would simply take an hour with some minor studying. stop being a retard
Lol? If it's a password that by all accounts is great, 10+ char length, completely random, special characters out the ass ... why would this impact security at all?
It's a great idea.
Yes, it absolutely does benefit an attacker. I'm too lazy to calculate the entropy right now, but when you disallow repeating or sequential characters, entropy falls DRAMATICALLY.
The best way to ensure strong passwords is to run a proposed password through a dictionary, and if it's not there, accept it. Nothing else other than a minimum length. No presence/absence of numbers, capitals, punctuation, etc. Nothing. Just maximum entropy across a long string that doesn't occur in dictionaries.
Hash it right and you'll never get cracked.
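Added example, not written by any poster in the thread: an exact count of how much the four rules listed above (one capital, one number, no repeating, no sequential) shrink the keyspace, which is the calculation two posts ask for. It assumes a 62-symbol alphabet (a-z, A-Z, 0-9) and reads "sequential" as three ascending neighbours within one character class; all function names are this example's own.

```python
import math
import string
from collections import defaultdict

# Assumption: 62-symbol alphabet; the thread does not fix one.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits

def char_class(c):
    return "upper" if c.isupper() else "digit" if c.isdigit() else "lower"

def follows(prev, c):
    # Assumption: "sequential" = next symbol in the same class (a->b, 1->2).
    return ord(c) == ord(prev) + 1 and char_class(c) == char_class(prev)

def is_allowed(pw, need_classes=True, no_runs=True):
    # Reference validator: upper + digit required, no aaa/111, no abc/123.
    if need_classes and not (any(map(str.isupper, pw)) and any(map(str.isdigit, pw))):
        return False
    if no_runs:
        for a, b, c in zip(pw, pw[1:], pw[2:]):
            if a == b == c or (follows(a, b) and follows(b, c)):
                return False
    return True

def count_allowed(n, alphabet=ALPHABET, need_classes=True, no_runs=True):
    # Exact count of length-n (n >= 1) passwords the policy accepts.
    # DP state: (last char, repeat run, sequence run, has upper, has digit).
    states = {(c, 1, 1, c.isupper(), c.isdigit()): 1 for c in alphabet}
    for _ in range(n - 1):
        nxt = defaultdict(int)
        for (last, rep, seq, up, dig), ways in states.items():
            for c in alphabet:
                r = rep + 1 if c == last else 1
                s = seq + 1 if follows(last, c) else 1
                if no_runs and (r == 3 or s == 3):
                    continue  # third repeated or sequential symbol: rejected
                nxt[(c, min(r, 2), min(s, 2), up or c.isupper(), dig or c.isdigit())] += ways
        states = nxt
    return sum(w for (_, _, _, up, dig), w in states.items()
               if not need_classes or (up and dig))

def bits_lost(n=8, **policy):
    # Keyspace reduction in bits versus the unrestricted len(ALPHABET)**n.
    return n * math.log2(len(ALPHABET)) - math.log2(count_allowed(n, **policy))

if __name__ == "__main__":
    cases = {"upper+digit only": {"no_runs": False}, "all four rules": {},
             "no repeats/sequences only": {"need_classes": False}}
    for label, kw in cases.items():
        print(f"{label}: {bits_lost(8, **kw):.3f} bits lost")
```

Under these assumptions the four rules together remove less than one bit from a uniformly random 8-character password; the count says nothing about where people actually place the required characters.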
lel I work in a call center, do tech support for employees, so many fucking people have shit passwords you have no idea. Sometimes where they put the username they'll end up putting their fucking passwords, swear to fuck. They would often also use the name of the company+1