Password to log in here...

Questions about the project and the distribution - obviously no support questions here please
User avatar
MtnDewManiac
Level 6
Level 6
Posts: 1462
Joined: Fri Feb 22, 2013 5:18 pm
Location: United States

Re: Password to log in here...

Post by MtnDewManiac » Sat Jan 26, 2019 12:49 am

karlchen wrote:
Thu Jan 10, 2019 1:39 pm
The good thing: no need to kill you in order to get your fingerprints and your retina scan.
The bad news: ain't secure, either.
The really bad news: It is usually a whole lot simpler and safer for them to go ahead and do so. Faster, too, since corpses don't complain nearly as much about having bits sawn off / plucked out of them :lol: .
rene wrote:
Thu Jan 10, 2019 5:03 am
xenopeek wrote:
Thu Jan 10, 2019 4:48 am
Our reason for the password requirements are clear I think.
They aren't but I'm very aware that you will continue to believe they are. Your site...
Go back and read some of the panic-laden threads that were posted shortly after this website (or one of the ones associated with it) got hit, maybe that will help.

Regards,
MDM
Mint 18 Xfce 4.12.

If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.

rene
Level 12
Level 12
Posts: 4415
Joined: Sun Mar 27, 2016 6:58 pm

Re: Password to log in here...

Post by rene » Sat Jan 26, 2019 7:27 am

MtnDewManiac wrote:
Sat Jan 26, 2019 12:49 am
rene wrote:
Thu Jan 10, 2019 5:03 am
xenopeek wrote:
Thu Jan 10, 2019 4:48 am
Our reason for the password requirements are clear I think.
They aren't but I'm very aware that you will continue to believe they are. Your site...
Go back and read some of the panic-laden threads that were posted shortly after this website (or one of the ones associated with it) got hit, maybe that will help.
If you're simply saying that's the reason for the current forum configuration, yes, certainly. And as I was very explicit about, my only gripe is with the overblown specificity of the password requirements. That is, if you're saying it's also a good reason you have just said that none of the existing password managers are by default secure, given that none go that far overboard with the specificity.

As also mentioned I find the symbols requirement to be worst. I.e., I do in fact memorize a few passwords even if they were randomly generated due to sometimes having or wanting to quickly check something when I'm not near a personal system. You try and find a percent sign while it's not displayed on some random on-screen keyboard for a five generation old iPad configured for Bulgarian. No, not making it up.

But see, this is what in the end annoys me most about "security" discussions on the general internet. Because unless you did in fact only say the first, what you seem to be saying amounts to the usual binary, black or white, all or nothing statement so familiar from those discussions. As if I would've said that complexity of passwords is not important, period, even when all I did in fact say is that the deep specificity on this particular forum interferes with people's personal systems, even when those personal systems are very secure to begin with. All that in the form of the also usual authoritative sounding one-liner without detail or explanation due to commenter in fact being scared witless of being called on any detail.

Yes, I'm touchy on the subject. Although quite aware it will/may sound arrogant or empty as well, I do in fact have a better than average understanding of at least the mathematics behind encryption, as such of some of the potential weaknesses. At that level, mind you; they in fact usually exist at the level of the IT sometimes, psychology usually. But it still means I can not stand the level of "pretend" that surrounds this subject on the general internet, and as sketched above.

Of course anyone feel free to alpha male the shit out of the internet in their free time but at the very least invest something real into it...

User avatar
Schultz
Level 7
Level 7
Posts: 1651
Joined: Thu Feb 25, 2016 8:57 pm

Re: Password to log in here...

Post by Schultz » Sat Jan 26, 2019 2:59 pm

I wonder if the OP ever came back to read the replies . . . . :?:

User avatar
xenopeek
Level 24
Level 24
Posts: 24180
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Password to log in here...

Post by xenopeek » Sat Jan 26, 2019 4:26 pm

Nope :)
Image

User avatar
MrEen
Level 15
Level 15
Posts: 5808
Joined: Mon Jun 12, 2017 8:39 pm

Re: Password to log in here...

Post by MrEen » Sat Jan 26, 2019 4:57 pm

Probably forgot the password. :lol:

User avatar
mrmajik45
Level 5
Level 5
Posts: 597
Joined: Tue Aug 29, 2017 9:51 pm
Location: USA, indiana
Contact:

Re: Password to log in here...

Post by mrmajik45 » Mon Jan 28, 2019 2:51 pm

And also forgot their email password so they can't change their linux mint password XD.
ReactOS Donator ~ $5.00 | Linux Mint Donator ~ $1.00 in BTC

rickNS
Level 5
Level 5
Posts: 528
Joined: Tue Jan 25, 2011 11:59 pm

Re: Password to log in here...

Post by rickNS » Tue Jan 29, 2019 7:30 pm

Pretty sure my password here has no symbol in it, but I haven't logged out since I can remember, if that makes a difference.
And maybe I'm just wrong, haha.
Mint 18 mate on 2 identical Thinkpad T420's

WHVW
Level 4
Level 4
Posts: 452
Joined: Tue May 19, 2015 4:31 pm

Re: Password to log in here...

Post by WHVW » Tue Jan 29, 2019 10:02 pm

Hi All:

Let's face it: passwords are a healthy pain where you don't need a pain. Who actually likes passwords? Irritation is directly proportional to complexity.That fact has been clearly expressed in this post.
There should, however, be a happy medium.
First off, let's "get real". This is a site to generate an exchange of helpful information, problem-solving and fellowship for Linux devotees, that's all. It is not the place where CIA, MI6 or FBI agents log in to file reports or receive instructions. Nor does it issue credit cards or provide banking services. In short, there is (or should be) very little monetise-able data here, hence it is a low-value target. Yes, I know this site suffered a malicious attack a few years back, but most attacks (as far as I've seen ) are perpetrated to make money...what money could be made selling the info on this site? No credit card numbers, birthdates, Social Security numbers or bank account details. Based on that, it would seem that the probability of attack is rather low.
Couldn't the password system be hardened a bit (if that is absolutely necessary) without resorting to hassling users with hard to remember (or type) characters?

User avatar
lsemmens
Level 9
Level 9
Posts: 2676
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Password to log in here...

Post by lsemmens » Wed Jan 30, 2019 11:24 pm

WHVW wrote:
Tue Jan 29, 2019 10:02 pm
......, but most attacks (as far as I've seen ) are perpetrated to make money...what money could be made selling the info on this site? No credit card numbers, birthdates, Social Security numbers or bank account details. Based on that, it would seem that the probability of attack is rather low...
You miss the point. whilst many "low value" sites do not handle financial data, they do contain loads of personal information of the members, not the least of these being passwords. There are many people who use the same password for all of their sites. So, if I (as a hacker) can gain information on you by stealing your password here, I can then (by virtue of the fact that I now have more information about you that when I started) search for other sites that might carry your info and work on gaining a profile (especially if you use the same passwords there, too) on you. Very quickly I could create a false identity which IS worth money on the black market. You might then find that you name is appearing in relation to financial fraud. Proving yourself innocent is NOT EASY.
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

cliffcoggin
Level 5
Level 5
Posts: 532
Joined: Sat Sep 17, 2016 6:40 pm
Location: England

Re: Password to log in here...

Post by cliffcoggin » Thu Jan 31, 2019 6:06 am

lsemmens wrote:
Wed Jan 30, 2019 11:24 pm

You miss the point. whilst many "low value" sites do not handle financial data, they do contain loads of personal information of the members, not the least of these being passwords. There are many people who use the same password for all of their sites. So, if I (as a hacker) can gain information on you by stealing your password here, I can then (by virtue of the fact that I now have more information about you that when I started) search for other sites that might carry your info and work on gaining a profile (especially if you use the same passwords there, too) on you. Very quickly I could create a false identity which IS worth money on the black market. You might then find that you name is appearing in relation to financial fraud. Proving yourself innocent is NOT EASY.
Well said. With the ready availability of password manager software I am happy to have many long complex passwords, though I am not foolish enough to believe that they will always be undecypherable.
Cliff Coggin
Mint 18.3 Cinnamon

markfilipak
Level 5
Level 5
Posts: 916
Joined: Sun Mar 10, 2013 8:08 pm
Location: Ohio (formerly California), USA

Re: Password to log in here...

Post by markfilipak » Sun Apr 21, 2019 12:46 am

karlchen wrote:
Thu Jan 10, 2019 11:20 am
...the Mint makers set up the password requirements in the way they did in order to spare you, the forum users, and the forum management team the trouble of your forum accounts being hacked too easily, simply because you chose too simple passwords....
And the problem solved by complex passwords in a public forum is... what? If someone hacks my forum password... ooooo... they could impersonate me? And do what? Post illegal material on the 'forums.linuxmint.com' site? They can create an account and do that now.
Last edited by xenopeek on Sun Apr 21, 2019 7:08 am, edited 1 time in total.
Reason: edited to remove offensive example

Locked

Return to “Non-technical Questions”