Poll: are forums password requirements too complicated?
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: Poll: are forums password requirements too complicated?
Anarchy? Naw.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Poll: are forums password requirements too complicated?
Is it just me , or has this become the silliest thread in some time ?
And there have been some strong contenders for that dubious accolade recently .
Example :- the member who posted about searching for a secure browser , then argued against all the sound advice given .....
Edit : @jimallyn
I don't mean you ....
I fully support this as being a good thread/poll starter , especially in the light of the idiotic comment that I suspect may have prompted it .
And there have been some strong contenders for that dubious accolade recently .
Example :- the member who posted about searching for a secure browser , then argued against all the sound advice given .....
Edit : @jimallyn
I don't mean you ....
I fully support this as being a good thread/poll starter , especially in the light of the idiotic comment that I suspect may have prompted it .
Re: Poll: are forums password requirements too complicated?
Does phpBB allow alhabeths like äöå with password?
Re: Poll: are forums password requirements too complicated?
heh, yeah, just allow the full unicode range and your complexity goes through the roof. Plus I could log in with something like this:administrollaattori wrote: ⤴Wed Sep 05, 2018 12:09 pm Does phpBB allow alhabeths like äöå with password?
Make it so, karlchen.
You'd still need to keep a minimum length because just because you can use it doesn't mean someone won't use 1234 as their password, regardless.
Re: Poll: are forums password requirements too complicated?
I know a lot of people use swear words, or acronyms thereof .. including a few in the medical profession Wonder how easily guessed these are (even if they also contain random characters)?
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Re: Poll: are forums password requirements too complicated?
Depends on the random characters, modern password crackers will use rainbow tables calculated from wordlists generated with the common substitutions and additions in mind. And that's pretty much the only bar you got to pass unless you've got really important data hidden behind that password. Nobody spends time actually brute-forcing password lists from random websites. The percentage of passwords found just using rainbow tables/pre-computed word lists is way too high for that to be worth it, plus often they got into the system using some vulnerability and manage to will try to snag your unencrypted password instead.
It's different for individual passwords. Like when your neighbor wants to get into your WLAN then they'll brute-force that password for sure (although issues with the protocols often allows to greatly reduce complexity required for forcing it).
Re: Poll: are forums password requirements too complicated?
Hopefully that risk will be mitigated by using MAC filtering, but I suppose they could be spoofed, too.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Re: Poll: are forums password requirements too complicated?
Well, for any serious attempt cloning the MAC to one of an existing client would be the first thing you do, both to circumvent MAC filters - you might even get lucky and find an idiot who uses the MAC as their only authentication measure so get in without any effort - and to not show up as a third-party in their logs (should they have any). Your MAC isn't secret, it goes over the air for everyone to see (and clone).
In other words, MAC filtering is no security measure.
Re: Poll: are forums password requirements too complicated?
Time to go for WPA3.
Re: Poll: are forums password requirements too complicated?
On its own, no, but it must help when combined with a decent password & range limiting (if that actually works). Would someone NOT logged in to your network be able to see the MAC addresses of machines you have connected via WiFi? In that case it would be better to use Ethernet instead, which I do anyway for large file transfers.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Re: Poll: are forums password requirements too complicated?
Of course. Everybody capable of receiving your devices' radio waves (i.e. everybody in your block at least) will know your MAC address, and that's not the only thing.
So let me repeat with emphasis: MAC filtering is no security measure. Not even a little.
Re: Poll: are forums password requirements too complicated?
Thanks for that valuable information.
I didn't realize it was THAT open, but it does make sense. It IS the primary machine (hardware device) identifier, after all, I believe.
I think xenopeek's suggestion may be a good one at this point.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Re: Poll: are forums password requirements too complicated?
Sure, but the MAC thing won't change with that. And while WPA3 will be quite a big step forward (no more lazy passive drive-by brute-forcing of all networks in your area, now you'll have to run active attacks), and despite it forcing encryptio now, don't get lulled into a false sense of security, always run additional encryption on top of the link where possible.
Besides, there's still even WEP networks around, WPA2 devices will stay around for years to come and WPA3-only networks will be super rare for quite a while yet.
Re: Poll: are forums password requirements too complicated?
I do appreciate that it won't affect the MAC issue, however it would be good to discuss the encryption options. I think this would be better done in another thread though, if that's OK, unless it's already been covered elsewhere on the forum & I've missed it. Sorry I appear to have derailed the thread ..gm10 wrote: ⤴Wed Sep 05, 2018 4:22 pm Sure, but the MAC thing won't change with that. And while WPA3 will be quite a big step forward (no more lazy passive drive-by brute-forcing of all networks in your area, now you'll have to run active attacks), and despite it forcing encryptio now, don't get lulled into a false sense of security, always run additional encryption on top of the link where possible.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Re: Poll: are forums password requirements too complicated?
Nope. My passwords usually exceed the minimum number of characters and the rest of the requirements, even if the website doesn't have any requirements.
Core i7-4770, Palit GTX 1660 Ti, 32GB DDR3 RAM, Firefox, Arch LTS w/ Cinnamon 5.2.7
My Linux group on Telegram
Avatar & desktop: https://ibb.co/album/GFx0yV
My Linux group on Telegram
Avatar & desktop: https://ibb.co/album/GFx0yV