password

[GoneCrazy]

why'd you guys make there be rules for your password? i was quite content with my old password (all letters) and now i had to change it to the password i use on a different site (letters, symbols, and numbers).

[Exonerate]

Because we had people's accounts cracked because they used unsecure passwords. So we decided to force them to make it alphanumeric so it would be harder to crack.

[GoneCrazy]

shouldn't you have maybe just suggested a better password, and not forced people to have one?

[aerius]

Because you touch yourself at night. Actually it's because want you to forget your password so we can purge your account to free up more server space. Actually I have no idea what I'm talking about, so listen to what that other guy said.

[phongn]

why'd you guys make there be rules for your password? i was quite content with my old password (all letters) and now i had to change it to the password i use on a different site (letters, symbols, and numbers).

Because the types of passwords you want can be broken relatively easily via dictionary search. Thus, we force users to have a more difficult password so that we minimize future problems of the sort.

[GoneCrazy]

lol. that's kind of funny aerius.

[GoneCrazy]

but shouldn't what happens on a user's account be the user's responsibility? if a user's account gets cracked then its the user's fault, and anything the cracker does with the account can be blamed on the user's negligence. i still don't see why it shouldn't be totally optional.

[General Zod]

this also makes it harder for idiots to go about posting stupid things and then claim that the stupidity was a result of their password being hacked. otherwise any script kiddy could use brute force programs to break someone's password, which would cause all kinds of trouble.

EDIT: also, blaming a user for someone hacking into their account is stupid. while they may have some responsibility for making their password easy to crack, someone else decided to do so on their own, and is responsible for actually breaking it. so they both share some of the blame, but it's not completely the user's fault.

[Exonerate]

On the other hand, any idiot who makes their password "password" or something like that deserves to be shot...

IIRC, TK managed to grab passwords this way. It may be your responsibility to keep a secure password, but if you fail to do so, it affects all of us.

[General Zod]

i'll agree to that. making a password from the most commonly used words is just plain moronic. like making the password either password, admin, god, love, hate, etc. in that case they deserve to be smacked.

[GrandMasterTerwynn]

but shouldn't what happens on a user's account be the user's responsibility? if a user's account gets cracked then its the user's fault, and anything the cracker does with the account can be blamed on the user's negligence. i still don't see why it shouldn't be totally optional.

Well, if some malicious fuckwit got his or her hands on the password of John Q. User, they could either make a lot of spam posts linking to high-bandwidth pictures, or pornography or hate sites. The spurious posts would not only cause the site to tank for the rest of us, but if someone's parent happens to be looking over their child's shoulder while such an attack is taking place, they might take it on themselves to make an official complaint, causing the site to be shut down. And that's just the damage a bog-standard user can inflict, the thought of a moderator account getting cracked is even more frightening when one thinks of the damage that can be caused there.

So password security is very important. One should not take so blaise an attitude toward it.

[Tsyroc]

i'll agree to that. making a password from the most commonly used words is just plain moronic. like making the password either password, admin, god, love, hate, etc. in that case they deserve to be smacked.

I like the Pointy Haired Boss' password from Dilbert. "*******"

[Sarevok]

but shouldn't what happens on a user's account be the user's responsibility? if a user's account gets cracked then its the user's fault, and anything the cracker does with the account can be blamed on the user's negligence. i still don't see why it shouldn't be totally optional.

Most of the time yes. But in certain cases hackers employ techniques far more advanced than simple dictionary attack. Luckily script kiddies are not programmers and dont have the knowledge to pull this off.

[kojikun]

its called preventative measures. holy crap, just shut up and accept thef act. mike says use full alphanumerics, so you do. whats so fucking hard to get.

[ArmorPierce]

hmm that reminds me, I've changed my password and I don't remember the password

[Rogue 9]

hmm that reminds me, I've changed my password and I don't remember the password

Brilliant, Holmes.

[Sharp-kun]

but shouldn't what happens on a user's account be the user's responsibility? if a user's account gets cracked then its the user's fault, and anything the cracker does with the account can be blamed on the user's negligence. i still don't see why it shouldn't be totally optional.

Its still a pain for other members.

We had this once on Animenation. A members brother found out their password, and ended up spamming the forum badly, and posting all sorts of offensive shit just to get his brother banned. It pisses off other members.

[Faram]

Stop wining and get Password Safe.

Password Safe
The security of Blowfish in a password database
Support
The current version of Password Safe is an open source project, which you can download from its Sourceforge page. Please use the Sourceforge tracking system for feature requests and bug reports. (Update: The first public release of version 2.0 came out on December 15, 2003.)

For support of 1.7.1 and earlier versions, see the Password Safe FAQ or e-mail passwordsafe@counterpane.com. You can still download Password Safe 1.7.1 from this web site.

Many computer users today have to keep track of dozens of passwords: for network accounts, online services, premium web sites. Some write their passwords on a piece of paper, leaving their accounts vulnerable to thieves or in-house snoops. Others choose the same password for different applications, which makes life easy for intruders of all kinds.

With Password Safe, a free Windows 9x/2000 utility from Counterpane Labs, users can keep their passwords securely encrypted on their computers. A single Safe Combination--just one thing to remember--unlocks them all.

Password Safe protects passwords with the Blowfish encryption algorithm, a fast, free alternative to DES. The program's security has been thoroughly verified by Counterpane Labs under the supervision of Bruce Schneier, author of Applied Cryptography and creator of the Blowfish algorithm.

Password Safe features a simple, intuitive interface that lets users set up their password database in minutes. You can copy a password just by double-clicking, and paste it directly into your application. Best of all, Password Safe is completely free: no license requirements, shareware fees, or other strings attached.

See the Blowfish page for more information on the Blowfish algorithm, including links to more than 120 other products that use Blowfish.

Counterpane Internet Security, Inc. Home Page.

This is badass stuff make the passphrase +25 char long and it's next to impossible to break it, we arer talikng impossible for NSA and those guys the script kiddie next door...

D/L Linky

[Dalton]

Strong password rules are enforced because some people are fucking stupid when selecting passwords. I remember someone here once had the password "password".

This isn't optional, nor should it be. We're not going to have some script-kiddie fucker running around and posting disgusting images in a spree of childish bullshit, not to mention crack moderator accounts and majorly fuck up several threads, just because some whiny newbie is complaining that his password has to be complicated now.

End of story, thread locked. Live with it.