Poll: are forums password requirements too complicated?

Chat about just about anything else

Are forums password requirements too complicated?

Not at all.
38
76%
Kinda.
5
10%
For sure!
7
14%
 
Total votes: 50

User avatar
Moem
Level 17
Level 17
Posts: 7020
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Poll: are forums password requirements too complicated?

Post by Moem » Wed Sep 05, 2018 10:16 am

Anarchy? Naw.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
Faust
Level 4
Level 4
Posts: 431
Joined: Thu Jul 14, 2016 3:40 am

Re: Poll: are forums password requirements too complicated?

Post by Faust » Wed Sep 05, 2018 11:18 am

Is it just me , or has this become the silliest thread in some time ?

And there have been some strong contenders for that dubious accolade recently .

Example :- the member who posted about searching for a secure browser , then argued against all the sound advice given .....

Edit : @jimallyn

I don't mean you .... :)
I fully support this as being a good thread/poll starter , especially in the light of the idiotic comment that I suspect may have prompted it .
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

User avatar
administrollaattori
Level 14
Level 14
Posts: 5471
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland
Contact:

Re: Poll: are forums password requirements too complicated?

Post by administrollaattori » Wed Sep 05, 2018 12:09 pm

Does phpBB allow alhabeths like äöå with password?

gm10
Level 12
Level 12
Posts: 4123
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Wed Sep 05, 2018 12:52 pm

administrollaattori wrote:
Wed Sep 05, 2018 12:09 pm
Does phpBB allow alhabeths like äöå with password?
heh, yeah, just allow the full unicode range and your complexity goes through the roof. Plus I could log in with something like this:

😍🤑🦉🦉

Make it so, karlchen. :lol:

You'd still need to keep a minimum length because just because you can use it doesn't mean someone won't use 1234 as their password, regardless.

User avatar
BG405
Level 7
Level 7
Posts: 1541
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Poll: are forums password requirements too complicated?

Post by BG405 » Wed Sep 05, 2018 1:03 pm

gm10 wrote:
Wed Sep 05, 2018 12:52 pm
You'd still need to keep a minimum length because just because you can use it doesn't mean someone won't use 1234 as their password, regardless.
:lol: :roll:
I know a lot of people use swear words, or acronyms thereof .. including a few in the medical profession :wink: Wonder how easily guessed these are (even if they also contain random characters)? :mrgreen:
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

gm10
Level 12
Level 12
Posts: 4123
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Wed Sep 05, 2018 1:11 pm

BG405 wrote:
Wed Sep 05, 2018 1:03 pm
gm10 wrote:
Wed Sep 05, 2018 12:52 pm
You'd still need to keep a minimum length because just because you can use it doesn't mean someone won't use 1234 as their password, regardless.
:lol: :roll:
I know a lot of people use swear words, or acronyms thereof .. including a few in the medical profession :wink: Wonder how easily guessed these are (even if they also contain random characters)? :mrgreen:
Depends on the random characters, modern password crackers will use rainbow tables calculated from wordlists generated with the common substitutions and additions in mind. And that's pretty much the only bar you got to pass unless you've got really important data hidden behind that password. Nobody spends time actually brute-forcing password lists from random websites. The percentage of passwords found just using rainbow tables/pre-computed word lists is way too high for that to be worth it, plus often they got into the system using some vulnerability and manage to will try to snag your unencrypted password instead.

It's different for individual passwords. Like when your neighbor wants to get into your WLAN then they'll brute-force that password for sure (although issues with the protocols often allows to greatly reduce complexity required for forcing it). :twisted:

User avatar
BG405
Level 7
Level 7
Posts: 1541
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Poll: are forums password requirements too complicated?

Post by BG405 » Wed Sep 05, 2018 2:04 pm

gm10 wrote:
Wed Sep 05, 2018 1:11 pm
Like when your neighbor wants to get into your WLAN then they'll brute-force that password for sure (although issues with the protocols often allows to greatly reduce complexity required for forcing it).
Hopefully that risk will be mitigated by using MAC filtering, but I suppose they could be spoofed, too.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

gm10
Level 12
Level 12
Posts: 4123
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Wed Sep 05, 2018 2:10 pm

BG405 wrote:
Wed Sep 05, 2018 2:04 pm
gm10 wrote:
Wed Sep 05, 2018 1:11 pm
Like when your neighbor wants to get into your WLAN then they'll brute-force that password for sure (although issues with the protocols often allows to greatly reduce complexity required for forcing it).
Hopefully that risk will be mitigated by using MAC filtering, but I suppose they could be spoofed, too.
Well, for any serious attempt cloning the MAC to one of an existing client would be the first thing you do, both to circumvent MAC filters - you might even get lucky and find an idiot who uses the MAC as their only authentication measure so get in without any effort - and to not show up as a third-party in their logs (should they have any). Your MAC isn't secret, it goes over the air for everyone to see (and clone).

In other words, MAC filtering is no security measure.

User avatar
xenopeek
Level 24
Level 24
Posts: 23111
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Poll: are forums password requirements too complicated?

Post by xenopeek » Wed Sep 05, 2018 2:13 pm

Time to go for WPA3.
Image

User avatar
BG405
Level 7
Level 7
Posts: 1541
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Poll: are forums password requirements too complicated?

Post by BG405 » Wed Sep 05, 2018 2:43 pm

gm10 wrote:
Wed Sep 05, 2018 2:10 pm
In other words, MAC filtering is no security measure.
On its own, no, but it must help when combined with a decent password & range limiting (if that actually works). Would someone NOT logged in to your network be able to see the MAC addresses of machines you have connected via WiFi? In that case it would be better to use Ethernet instead, which I do anyway for large file transfers.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

gm10
Level 12
Level 12
Posts: 4123
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Wed Sep 05, 2018 2:47 pm

BG405 wrote:
Wed Sep 05, 2018 2:43 pm
gm10 wrote:
Wed Sep 05, 2018 2:10 pm
In other words, MAC filtering is no security measure.
Would someone NOT logged in to your network be able to see the MAC addresses of machines you have connected via WiFi?
Of course. Everybody capable of receiving your devices' radio waves (i.e. everybody in your block at least) will know your MAC address, and that's not the only thing.

So let me repeat with emphasis: MAC filtering is no security measure. Not even a little.

User avatar
BG405
Level 7
Level 7
Posts: 1541
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Poll: are forums password requirements too complicated?

Post by BG405 » Wed Sep 05, 2018 4:00 pm

gm10 wrote:
Wed Sep 05, 2018 2:47 pm
Of course. Everybody capable of receiving your devices' radio waves (i.e. everybody in your block at least) will know your MAC address, and that's not the only thing
Thanks for that valuable information.

I didn't realize it was THAT open, but it does make sense. It IS the primary machine (hardware device) identifier, after all, I believe.

I think xenopeek's suggestion may be a good one at this point.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

gm10
Level 12
Level 12
Posts: 4123
Joined: Thu Jun 21, 2018 5:11 pm

Re: Poll: are forums password requirements too complicated?

Post by gm10 » Wed Sep 05, 2018 4:22 pm

BG405 wrote:
Wed Sep 05, 2018 4:00 pm
I think xenopeek's suggestion may be a good one at this point.
Sure, but the MAC thing won't change with that. And while WPA3 will be quite a big step forward (no more lazy passive drive-by brute-forcing of all networks in your area, now you'll have to run active attacks), and despite it forcing encryptio now, don't get lulled into a false sense of security, always run additional encryption on top of the link where possible.

Besides, there's still even WEP networks around, WPA2 devices will stay around for years to come and WPA3-only networks will be super rare for quite a while yet.

User avatar
BG405
Level 7
Level 7
Posts: 1541
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Poll: are forums password requirements too complicated?

Post by BG405 » Wed Sep 05, 2018 4:43 pm

gm10 wrote:
Wed Sep 05, 2018 4:22 pm
Sure, but the MAC thing won't change with that. And while WPA3 will be quite a big step forward (no more lazy passive drive-by brute-forcing of all networks in your area, now you'll have to run active attacks), and despite it forcing encryptio now, don't get lulled into a false sense of security, always run additional encryption on top of the link where possible.
I do appreciate that it won't affect the MAC issue, however it would be good to discuss the encryption options. I think this would be better done in another thread though, if that's OK, unless it's already been covered elsewhere on the forum & I've missed it. Sorry I appear to have derailed the thread .. :wink:
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

Valsodar
Level 3
Level 3
Posts: 142
Joined: Thu Jul 19, 2018 11:30 pm
Location: Sofia, Bulgaria
Contact:

Re: Poll: are forums password requirements too complicated?

Post by Valsodar » Fri Sep 07, 2018 7:17 am

jimallyn wrote:
Sun Sep 02, 2018 4:15 pm
It has been suggested that the forums password requirements are too complicated:
Password must be between 10 characters and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.
What do you think?
Nope. My passwords usually exceed the minimum number of characters and the rest of the requirements, even if the website doesn't have any requirements.

Post Reply

Return to “Open chat”