Password to log in here...

[MtnDewManiac]

The good thing: no need to kill you in order to get your fingerprints and your retina scan.
The bad news: ain't secure, either.

The really bad news: It is usually a whole lot simpler and safer for them to go ahead and do so. Faster, too, since corpses don't complain nearly as much about having bits sawn off / plucked out of them .

Our reason for the password requirements are clear I think.

They aren't but I'm very aware that you will continue to believe they are. Your site...

Go back and read some of the panic-laden threads that were posted shortly after this website (or one of the ones associated with it) got hit, maybe that will help.

Regards,
MDM

[rene]

Our reason for the password requirements are clear I think.

They aren't but I'm very aware that you will continue to believe they are. Your site...

Go back and read some of the panic-laden threads that were posted shortly after this website (or one of the ones associated with it) got hit, maybe that will help.

If you're simply saying that's the reason for the current forum configuration, yes, certainly. And as I was very explicit about, my only gripe is with the overblown specificity of the password requirements. That is, if you're saying it's also a good reason you have just said that none of the existing password managers are by default secure, given that none go that far overboard with the specificity.

As also mentioned I find the symbols requirement to be worst. I.e., I do in fact memorize a few passwords even if they were randomly generated due to sometimes having or wanting to quickly check something when I'm not near a personal system. You try and find a percent sign while it's not displayed on some random on-screen keyboard for a five generation old iPad configured for Bulgarian. No, not making it up.

But see, this is what in the end annoys me most about "security" discussions on the general internet. Because unless you did in fact only say the first, what you seem to be saying amounts to the usual binary, black or white, all or nothing statement so familiar from those discussions. As if I would've said that complexity of passwords is not important, period, even when all I did in fact say is that the deep specificity on this particular forum interferes with people's personal systems, even when those personal systems are very secure to begin with. All that in the form of the also usual authoritative sounding one-liner without detail or explanation due to commenter in fact being scared witless of being called on any detail.

Yes, I'm touchy on the subject. Although quite aware it will/may sound arrogant or empty as well, I do in fact have a better than average understanding of at least the mathematics behind encryption, as such of some of the potential weaknesses. At that level, mind you; they in fact usually exist at the level of the IT sometimes, psychology usually. But it still means I can not stand the level of "pretend" that surrounds this subject on the general internet, and as sketched above.

Of course anyone feel free to alpha male the shit out of the internet in their free time but at the very least invest something real into it...

[Schultz]

I wonder if the OP ever came back to read the replies . . . .

[xenopeek]

Nope

[MrEen]

Probably forgot the password.

[mrmajik45]

And also forgot their email password so they can't change their linux mint password XD.

[rickNS]

Pretty sure my password here has no symbol in it, but I haven't logged out since I can remember, if that makes a difference.
And maybe I'm just wrong, haha.

[WHVW]

Hi All:

Let's face it: passwords are a healthy pain where you don't need a pain. Who actually likes passwords? Irritation is directly proportional to complexity.That fact has been clearly expressed in this post.
There should, however, be a happy medium.
First off, let's "get real". This is a site to generate an exchange of helpful information, problem-solving and fellowship for Linux devotees, that's all. It is not the place where CIA, MI6 or FBI agents log in to file reports or receive instructions. Nor does it issue credit cards or provide banking services. In short, there is (or should be) very little monetise-able data here, hence it is a low-value target. Yes, I know this site suffered a malicious attack a few years back, but most attacks (as far as I've seen ) are perpetrated to make money...what money could be made selling the info on this site? No credit card numbers, birthdates, Social Security numbers or bank account details. Based on that, it would seem that the probability of attack is rather low.
Couldn't the password system be hardened a bit (if that is absolutely necessary) without resorting to hassling users with hard to remember (or type) characters?

[lsemmens]

......, but most attacks (as far as I've seen ) are perpetrated to make money...what money could be made selling the info on this site? No credit card numbers, birthdates, Social Security numbers or bank account details. Based on that, it would seem that the probability of attack is rather low...

You miss the point. whilst many "low value" sites do not handle financial data, they do contain loads of personal information of the members, not the least of these being passwords. There are many people who use the same password for all of their sites. So, if I (as a hacker) can gain information on you by stealing your password here, I can then (by virtue of the fact that I now have more information about you that when I started) search for other sites that might carry your info and work on gaining a profile (especially if you use the same passwords there, too) on you. Very quickly I could create a false identity which IS worth money on the black market. You might then find that you name is appearing in relation to financial fraud. Proving yourself innocent is NOT EASY.

[cliffcoggin]

You miss the point. whilst many "low value" sites do not handle financial data, they do contain loads of personal information of the members, not the least of these being passwords. There are many people who use the same password for all of their sites. So, if I (as a hacker) can gain information on you by stealing your password here, I can then (by virtue of the fact that I now have more information about you that when I started) search for other sites that might carry your info and work on gaining a profile (especially if you use the same passwords there, too) on you. Very quickly I could create a false identity which IS worth money on the black market. You might then find that you name is appearing in relation to financial fraud. Proving yourself innocent is NOT EASY.

Well said. With the ready availability of password manager software I am happy to have many long complex passwords, though I am not foolish enough to believe that they will always be undecypherable.

[markfilipak]

...the Mint makers set up the password requirements in the way they did in order to spare you, the forum users, and the forum management team the trouble of your forum accounts being hacked too easily, simply because you chose too simple passwords....

And the problem solved by complex passwords in a public forum is... what? If someone hacks my forum password... ooooo... they could impersonate me? And do what? Post illegal material on the 'forums.linuxmint.com' site? They can create an account and do that now.