I worked at a place where I had to have a password to get onto my desktop. Another one to get onto the local mainframe. And one more onto the corporate mainframe. Passwords expired after 30 days. You got logged out after 10 minutes of inactivity. Passwords were always out of sync. I’d log into all three and have to do some work on my desktop. If I had to go deeper again I’d have to log in again. There were days when I spent more time logging in than actual work
Two years ago I lost the password to my MS laptop. The local shop reset it for $140. I lost no data and I did learn the backdoor method for Windows password reset. Since then I’ve dumped Windows and moved to linux. I encrypted all the hard drives as well.
I liked my old Navy Fire Control computer, (Mk 47, mod 8). It didn’t need any passwords. It ran on gears and cams to compute where to point the 5" guns. Good for surface and air targets, (up to super sonic speeds supposedly – the Navy though never wasted any high-speed drones for me to find out if that was true).
When I first started in IT 30 years ago, user password requirement was minimum six characters. If you wanted to guess a user’s password, all you had to do was know their favorite sports team or their dog’s name. Now my password must be changed daily (expires after 10 hours), minimum 16 characters, and can never be reused. And that’s just for one of my passwords.
Actually, I read a paper on that approach. The point of the password is as proof of identity. So if you say allow a pair of letters to be transposed, or other kinds of small transcription errors that happen when people type quickly, you get a big reduction in hassle to the user, with only a slight reduction in the strength of the proof. “Close enough” really does make sense from the user perspective, and doesn’t change the security principles.
No one has really worked on it, though, because the real point is that one shouldn’t use passwords for anything “serious”, while shared secrets (e.g. from a password manager) are ok, for many applications, the idea of having a human being memorize these things just makes no sense.
There’s a joke about a guy who used “incorrect” as his password. If he entered it wrong, the computer would tell him what it is: “Your password is incorrect.”
dadthedawg over 1 year ago
Absolutely, you need caps, numbers, and special characters…..
willispate over 1 year ago
believe me Cosmo, I’ve been there many a time.
stairsteppublishing over 1 year ago
More than just a hint, please.
eastern.woods.metal over 1 year ago
I worked at a place where I had to have a password to get onto my desktop. Another one to get onto the local mainframe. And one more onto the corporate mainframe. Passwords expired after 30 days. You got logged out after 10 minutes of inactivity. Passwords were always out of sync. I’d log into all three and have to do some work on my desktop. If I had to go deeper again I’d have to log in again. There were days when I spent more time logging in than actual work
pschearer Premium Member over 1 year ago
Computers are not good at approximation.
Zykoic over 1 year ago
Two years ago I lost the password to my MS laptop. The local shop reset it for $140. I lost no data and I did learn the backdoor method for Windows password reset. Since then I’ve dumped Windows and moved to linux. I encrypted all the hard drives as well.
littlejohn Premium Member over 1 year ago
I liked my old Navy Fire Control computer, (Mk 47, mod 8). It didn’t need any passwords. It ran on gears and cams to compute where to point the 5" guns. Good for surface and air targets, (up to super sonic speeds supposedly – the Navy though never wasted any high-speed drones for me to find out if that was true).
bdpoltergeist Premium Member over 1 year ago
YES!!!
Meg: All Seriousness Aside over 1 year ago
My recent web apps allow for caps lock. So if your password is MyNameIsFred and you type mYnAMEiSfRED, it takes it.
david_42 over 1 year ago
Allthatreallymattersispasswordlength. 35 characters and nothing can crack it.
fgerbil46 over 1 year ago
WINDOWS PASSWORD
WINDOWS: Please enter your new password.
USER: potato
WINDOWS: Sorry, the password must be more than 8 characters.
USER: boiled potato
WINDOWS: Sorry, the password must contain 1 numerical character.
USER: 1 boiled potato
WINDOWS: Sorry, the password cannot have blank spaces.
USER: 20boiledpotatoes
WINDOWS: Sorry, the password must contain at least one uppercase character.
USER: 20BOILEDpotatoes
WINDOWS: Sorry, the password cannot use more than one uppercase character consecutively.
USER: 20BoIlEdPotatoesYouIdiotGiveMeAccessNow!
WINDOWS: Sorry, the password cannot contain punctuation.
USER: IWillHuntYouDown20BoIlEdPotatoesYouIdiotGiveMeAccessNow
WINDOWS: SORRY, THAT PASSWORD IS ALREADY IN USE
holdenrex over 1 year ago
When I first started in IT 30 years ago, user password requirement was minimum six characters. If you wanted to guess a user’s password, all you had to do was know their favorite sports team or their dog’s name. Now my password must be changed daily (expires after 10 hours), minimum 16 characters, and can never be reused. And that’s just for one of my passwords.
woodyweaver over 1 year ago
Actually, I read a paper on that approach. The point of the password is as proof of identity. So if you say allow a pair of letters to be transposed, or other kinds of small transcription errors that happen when people type quickly, you get a big reduction in hassle to the user, with only a slight reduction in the strength of the proof. “Close enough” really does make sense from the user perspective, and doesn’t change the security principles.
No one has really worked on it, though, because the real point is that one shouldn’t use passwords for anything “serious”, while shared secrets (e.g. from a password manager) are ok, for many applications, the idea of having a human being memorize these things just makes no sense.
kathleenhicks62 over 1 year ago
Or “We know who you are- – just messing with you.” Then let things happen +/- whatever.
JP Steve Premium Member over 1 year ago
https://xkcd.com/936/
LeftCoastKen Premium Member over 1 year ago
There’s a joke about a guy who used “incorrect” as his password. If he entered it wrong, the computer would tell him what it is: “Your password is incorrect.”
MarshaOstroff over 1 year ago
I write all of my passwords down in my “Little Black Book”. Yes, that’s really the name given to it by the company that published it!