Web lists-archives.com

Re: [Update] Re: FYI: mozilla.general to be shuttered and archived.

On Wed, 6 Jun 2018 08:29:41 -0700, in mozilla.general, The Real Bev

>On 06/06/2018 06:31 AM, PietB wrote:
>> Richard Owlett wrote:
>>> Disaster Master wrote:
>>>> I had one that would only allow a 6 character password, no uppercase
>>>> letters, and no numbers. Ridiculous.
>>> There is hope.
>>> My bank has long required uppercase AND lower case AND numeric elements.
>> Use "My bank has long required uppercase AND lower case AND numeric elements"
>> as pass sentence: easy to rememer and yet a lot more difficult to crack than
>> 6/7/8-char passwords with figures and special chars. Except of course for
>> readers of this thread.;-)
>I want ease/speed of entry by touch-typing.  I'm willing to supply more 
>characters, I just don't want to have to use the numbers and characters, 
>which I never learned.  Caps are a minor nuisance.
>What I really hate are stupid sites requiring multiple captchas to 
>identify shit that isn't necessarily identifiable, which sites don't -- 
>as far as I'm concerned -- need ANY security.

Ah, but then there are sites that require lower, caps, numbers, and not
only numbers but numbers in a sufficiently long numerical string, and
symbol characters.

Then they probably store it in plaintext. That's when you just want to
shoot the punters and be done with it.

My wife's university site demands an enormously lengthy passphrase, like
it's an encryption passkey. That's when you petition the government to
line them up and shoot them without even offering a cigarette. Thank
heavens for password managers. If it's a site that you need to log into
several times a day, such policies are atrocious.

My own university finally figured out that forcing a unique password
change every 3 months makes people *less* secure, because of the
resulting post-it note syndrome, and not more secure. And, you know,
because we don't work for the NSA. I'm not sure what the new interval is
(a year would seem reasonable), but it's been at least 6 months with the
same password for me. Good on them.

And THEN there's sites that are totally insignificant, where I don't even
care if someone hijacks my account. As you say, they don't even need
security. They all get "asDF12345!!" if they want to be dicks about it,
or "password" if they're just playing security theater.


Give all you can, don't give more than you can.
general mailing list