Poll: are forums password requirements too complicated?

Chat about just about anything else

Are forums password requirements too complicated?

Not at all.
38
76%
Kinda.
5
10%
For sure!
7
14%
 
Total votes: 50

Neil Edmond
Level 5
Level 5
Posts: 887
Joined: Thu Dec 26, 2013 10:19 am
Location: N.E. AR USA

Re: Poll: are forums password requirements too complicated?

Post by Neil Edmond » Mon Sep 03, 2018 8:08 am

gm10 wrote:
Mon Sep 03, 2018 3:25 am
When I need a new password, I just have my password manager generate one and then I forget about it. I see no need for simple passwords, ever.
Same here. Strong passwords should be complicated, and never repeated on another site.

User avatar
stephanieswitzer
Level 2
Level 2
Posts: 80
Joined: Mon Feb 26, 2018 12:49 pm
Location: Ontario

Re: Poll: are forums password requirements too complicated?

Post by stephanieswitzer » Mon Sep 03, 2018 9:11 am

I'm a little late to the discussion as I just returned from England. Anyway, online security is up to the individual, and I think that passwords are a key part of that security. I have over 170 unique passwords being managed with Dashlane. It may be a pain, but anyone who is serous about their online security should use a PW manager, unless they have one fantastic memory. And of course if a person doesn't like the PW rules of a particular web site, then they are free not to join.
Mac-Mini running MacOS and Linux Mint 19 Cinnamon (Dual Boot), Intel© Core™ i5-2415M CPU @ 2.30GHz × 2, 8 GiB, Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller

User avatar
xenopeek
Level 24
Level 24
Posts: 23101
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Poll: are forums password requirements too complicated?

Post by xenopeek » Mon Sep 03, 2018 9:27 am

Data breaches unfortunately happen. Seems like a month can't go by without reading about a data breach at some organization, affecting hundreds of millions of accounts. To stay at least somewhat safe online, do the following:
- use a unique password for each website
- use a password manager and let it generate passwords for you
- prefer to use long passwords
- prefer to use two-factor authentication (2FA)—so that to access your account you need to know something (password) and have something (like your smartphone to generate or receive a one-time access code)
- subscribe on https://haveibeenpwned.com/ to receive notifications when a websites where you have an account is involved in a data breach

While these days most websites will be storing passwords encrypted, very short and/or very simple passwords can be brute forced individually in minutes if not seconds. Brute forcing means repeatedly guessing a password, encrypting the guess with the same algorithm as the website used and comparing the result with the encrypted password from a database of accounts obtained through a data breach.

The current length and complexity requirements were put in place (see https://blog.linuxmint.com/?p=3013) following the data breach of the forums early 2016 (see https://blog.linuxmint.com/?p=3007). Dropping the complexity requirement would mean significantly increasing the minimum length requirement to keep the passwords at the same minimum difficulty to brute force. Length trumps complexity (see https://xkcd.com/936/) but enforcing a longer length was estimated to be more inconvenient for our users. A lot was done, and continues to be done, by Linux Mint and its security partners to improve security of its websites.

With the current password requirements you can expect a single computer to need a few years to brute force it. A supercomputer will do it in a few minutes. Drop the complexity requirements and use a weak password (two dictionary words for example) and the password can be brute forced within an hour on a single computer. A supercomputer would need a couple of nanoseconds (millionths of a second). You can dramatically increase the time needed to brute force your password by increasing the length. (Increasing length from 10 to 20 characters would make a supercomputer need a few thousands years to brute force it.)
Image

Pippin
Level 3
Level 3
Posts: 159
Joined: Wed Dec 13, 2017 11:14 am
Location: NL/DE/TH

Re: Poll: are forums password requirements too complicated?

Post by Pippin » Mon Sep 03, 2018 9:32 am

"I'm not in this world to live up your expectations, neither are you here to live up to mine.”
F.P. & P.T.

gm10
Level 12
Level 12
Posts: 4105
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Mon Sep 03, 2018 10:08 am

Finally a voice of reason. Thanks xenopeek, was starting to lose hope. ;)

HaveaMint
Level 4
Level 4
Posts: 426
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in the USA
Contact:

Re: Poll: are forums password requirements too complicated?

Post by HaveaMint » Mon Sep 03, 2018 10:12 am

Pass Phrases are what I use when allowed.
https://www.passworddragon.com/password-vs-passphrase
"Tune for maximum Smoke and then read the Instructions".

HaveaMint
Level 4
Level 4
Posts: 426
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in the USA
Contact:

Re: Poll: are forums password requirements too complicated?

Post by HaveaMint » Mon Sep 03, 2018 10:18 am

However a passphrase on this site would be fairly easy to guess, IE:" I love linux mint because it got me away from windoze"
"Tune for maximum Smoke and then read the Instructions".

User avatar
BG405
Level 7
Level 7
Posts: 1537
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Poll: are forums password requirements too complicated?

Post by BG405 » Tue Sep 04, 2018 12:13 pm

Are the minimum requirements for password complexity sufficient to prevent easy* compromise by an attacker / hacker etc.? That is the important question for me.

Too complex? Definitely not!

*Without access to sufficiently powerful hardware such as a supercomputer such attacks would likely need to be targeted.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

gm10
Level 12
Level 12
Posts: 4105
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Tue Sep 04, 2018 12:17 pm

BG405 wrote:
Tue Sep 04, 2018 12:13 pm
*Without access to sufficiently powerful hardware such as a supercomputer
Well, supercomputers not, but distributed computing is readily available and fairly cheap these days, and the malicious actors compromising account databases for commercial gain will probably just task this off to a botnet, anyway.

User avatar
Schultz
Level 6
Level 6
Posts: 1337
Joined: Thu Feb 25, 2016 8:57 pm

Re: Poll: are forums password requirements too complicated?

Post by Schultz » Tue Sep 04, 2018 5:41 pm

Neil Edmond wrote:
Same here. Strong passwords should be complicated,
Longer is better than complex. I think there shouldn't be a maximum allowed limit like this forum has (32 characters). It should be as long as the user wants.

User avatar
all41
Level 13
Level 13
Posts: 4834
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Poll: are forums password requirements too complicated?

Post by all41 » Tue Sep 04, 2018 6:49 pm

Schultz wrote:
Tue Sep 04, 2018 5:41 pm
Neil Edmond wrote:
Same here. Strong passwords should be complicated,
Longer is better than complex. I think there shouldn't be a maximum allowed limit like this forum has (32 characters). It should be as long as the user wants.
I don't trust important passwords to the cloud, and I sometimes find myself needing
to access a certain account without keypass handy.
Here is an example password: Wk0cdIs wbwbam wamohn?


pwstrength.png
Both long and complicated, has upper/lowercase, numbers, and symbols but easy to remember. Here is the mental clue.

What kind of clothes do I suppose would be worn by a man with mole on his nose?
A quote from an old tv series.
This is NOT my password :P , just an example of the formation.
Proud to be a supporter and monthly contributor to Mint.

User avatar
xenopeek
Level 24
Level 24
Posts: 23101
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Poll: are forums password requirements too complicated?

Post by xenopeek » Wed Sep 05, 2018 1:03 am

A supercomputer does it about 3 million times faster. Still takes 2.5 quintillion years. You're good.
Image

DAMIEN1307
Level 6
Level 6
Posts: 1143
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico

Re: Poll: are forums password requirements too complicated?

Post by DAMIEN1307 » Wed Sep 05, 2018 4:09 am

how long would it take for a super computer to crack mine ?...DAMIEN

It would take a computer about

177 UNDECILLION YEARS

to crack your password
ORDO AB CHAO

User avatar
catweazel
Level 17
Level 17
Posts: 7747
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Poll: are forums password requirements too complicated?

Post by catweazel » Wed Sep 05, 2018 4:16 am

DAMIEN1307 wrote:
Wed Sep 05, 2018 4:09 am
177 UNDECILLION YEARS
10 million years is good enough for me.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

HaveaMint
Level 4
Level 4
Posts: 426
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in the USA
Contact:

Re: Poll: are forums password requirements too complicated?

Post by HaveaMint » Wed Sep 05, 2018 4:21 am

catweazel wrote:
Wed Sep 05, 2018 4:16 am
DAMIEN1307 wrote:
Wed Sep 05, 2018 4:09 am
177 UNDECILLION YEARS
10 million years is good enough for me.
And you have been alive half of that time :lol: :lol:
"Tune for maximum Smoke and then read the Instructions".

User avatar
catweazel
Level 17
Level 17
Posts: 7747
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Poll: are forums password requirements too complicated?

Post by catweazel » Wed Sep 05, 2018 4:29 am

HaveaMint wrote:
Wed Sep 05, 2018 4:21 am
catweazel wrote:
Wed Sep 05, 2018 4:16 am
DAMIEN1307 wrote:
Wed Sep 05, 2018 4:09 am
177 UNDECILLION YEARS
10 million years is good enough for me.
And you have been alive half of that time :lol: :lol:
Harharhar!
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

altair4
Level 19
Level 19
Posts: 9275
Joined: Tue Feb 03, 2009 10:27 am

Re: Poll: are forums password requirements too complicated?

Post by altair4 » Wed Sep 05, 2018 8:56 am

I have a completely different perspective on all this. I don't think the forum should have any passwords.

The way I see it the NSA, CIA, the government of China, preteen Russian kids, Google, Amazon, etc.. already has access to all of my records and financial accounts. The only reason I haven't been personally harmed in any way is because once in they find it wasn't worth the trouble.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.

srq2625
Level 4
Level 4
Posts: 359
Joined: Tue Jan 08, 2013 11:35 am
Location: State: Constant Confusion, Country: D'oh

Re: Poll: are forums password requirements too complicated?

Post by srq2625 » Wed Sep 05, 2018 9:45 am

altair4 wrote:
Wed Sep 05, 2018 8:56 am
I have a completely different perspective on all this. I don't think the forum should have any passwords.
I see one really huge issue with this perspective. Scenario:
  1. I "log on" as you
  2. I say mean and disparaging things about, oh I don't know - say catweazel
  3. Now the moderators/administrators have a task to determine exactly who did it - just for the purposes of banning and/or disciplining me. And, if I did it from an Internet Café instead of from one of my usual machines - attribution might be an issue
Just sayin'

Oh, and my forum password is 3 sextillion years secure - good enough for me.

User avatar
Moem
Level 17
Level 17
Posts: 7015
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Poll: are forums password requirements too complicated?

Post by Moem » Wed Sep 05, 2018 9:46 am

altair4 wrote:
Wed Sep 05, 2018 8:56 am
I have a completely different perspective on all this. I don't think the forum should have any passwords.
Then how should we avoid users posting under other user's names, editing other user's posts and so on?
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

gm10
Level 12
Level 12
Posts: 4105
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Wed Sep 05, 2018 10:09 am

Moem wrote:
Wed Sep 05, 2018 9:46 am
altair4 wrote:
Wed Sep 05, 2018 8:56 am
I have a completely different perspective on all this. I don't think the forum should have any passwords.
Then how should we avoid users posting under other user's names, editing other user's posts and so on?
anarchy now.jpg
anarchy now.jpg (15.14 KiB) Viewed 113 times

Post Reply

Return to “Open chat”