Weak, Easy-to-Remember Passwords a Familiar Crutch for Users

Discussion in 'privacy general' started by TheKid7, May 17, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Weak, Easy-to-Remember Passwords a Familiar Crutch for Users:
    http://threatpost.com/weak-easy-to-remember-passwords-a-familiar-crutch-for-users/
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Just because a password is "Easy to remember" doesn't mean it has to be "weak."


    ----
    rich
     
  3. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    This sentence from the topic sums it up nicely:

    I've bolded the critical part of that statement. Yesterday's data breaches are today's passphrase wordlists. I've found it is very hard to force users to abide by passphrase policies when given the option to use weaker iterations unless they are security focused. However, to play devil's advocate, even when strong passphrase policies are in place you still have users who, when prompted to change passphrases, say every 30 days, will simply do the <insert old password here><number increments here> (e.g. strongpassword becomes strongpassword1, strongpassword2, etc.). :rolleyes:
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You can force an amount of character changes as well. I still hate those policies though; why change something that wasn't possibly breached? It just encourages easy-to-remember passwords, which tend to be weak without creativity (that only goes so far until ideas run out).
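
The counter-increment habit EncryptedBytes describes and the forced character-change rule J_L mentions can both be checked when a password is changed. The following is an added example, not part of the thread: `check_change`, `stem` and the `MIN_CHANGED` value of 4 are hypothetical, and it assumes the change form supplies the current password in plaintext for comparison.

```python
import re

MIN_CHANGED = 4  # assumed policy value: minimum edits away from the old password

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def stem(pw: str) -> str:
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def check_change(old: str, new: str, min_changed: int = MIN_CHANGED):
    """Return (accepted, reason) for a password change request."""
    if new == old:
        return False, "unchanged"
    old_stem = stem(old)
    # Catches strongpassword -> strongpassword1 -> strongpassword2 rotations.
    if old_stem and old_stem == stem(new):
        return False, "same stem with a different counter or suffix"
    d = edit_distance(old, new)
    if d < min_changed:
        return False, f"only {d} character edits from the old password"
    return True, "ok"

# Constructed sample pairs (old, new) for illustration only.
SAMPLES = [
    ("strongpassword", "strongpassword1"),
    ("strongpassword1", "strongpassword2"),
    ("Strongpassword9", "strongpassword10!"),
    ("strongpassword", "strongpasswerd"),
    ("strongpassword", "correct horse battery staple"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        print(f"{old!r} -> {new!r}: {check_change(old, new)}")
```

A check like this only sees the password being replaced; older passwords stored as hashes cannot be compared for similarity, only for exact reuse.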
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
  6. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Seriously, why do you need to make your password strong? I doubt it is necessary as long as you don't attract the attention of hackers.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    That's only if they specifically target you; don't forget automated tools that scour the Internet (with a list of default/weak passwords).
     