
There's not enough bitching

Started by Dracos, October 23, 2004, 03:02:08 PM


Jon

Dropbox has actually written a password strength checker that tries to respect xkcd 936.

Dracos

Quote from: Brian on May 02, 2012, 04:28:12 PM
To be fair, I got the order of words wrong in the example (staple horse battery correct).  But I did remember them all.

I do generally agree, but modern systems require you to use at least one numeral and one punctuation anyway, and then label your security 'strong'.

Truthfully, thinking on it, a non-insignificant number of my standard passwords are pretty much that with a numstring at some point.  Partially because they are passwords that I can remember forever.  The mixed-case/symbol stuff with apple is largely why I tend to mis-enter it.
Well, Goodbye.

alethiophile

I find I can just about always remember even strange mixed-keys stuff; it's something like a physical mnemonic, wherein I can remember where my fingers didn't go where they should have to enter the plain word. That said, I use the same password for the vast majority of cruddy random sites I visit, because I'm not in the business of trying to remember a different one for each and most of them aren't worth the effort to set up a password vault.

Brian

I handle other fanfic authors Nanoha-style.  Grit those teeth!  C&C incoming!
Prepare to be befriended!

~exploding tag~

alethiophile

And no, Drac, it's not the same one as for my email or anything that can get at financial resources. :P

Arakawa

#2390
Man, I remember when I thought xkcd was the coolest thing ever. For some reason since then, it just stopped clicking for me.

Although I am partially guilty of xkcd 936. Namely, for important accounts I wind up combining both schools of password design and then wind up having to refer to a hintfile to even have a chance of remembering. And approximately once every two weeks the hintfile fails to jog my memory and I have to reset my Dropbox or whatever.

Fun.

EDIT: Hopefully my memory will be better in a few months as my password choices stabilize. They're related to each other by a complicated scheme that I doubt will help a password guesser any. Now I just need to spread some disinformation about myself and I will...

become extremely paranoid.

Yay!
That the dead tree with its scattered fruit, a thousand times may live....

---

Man was made for Joy & Woe / And when this we rightly know / Thro the World we safely go / Joy & Woe are woven fine / A Clothing for the soul divine / Under every grief & pine / Runs a joy with silken twine
(from Wm. Blake)

Brian

My approach is to not be responsible for anything worth stealing my passwords for.

Arakawa

Yes, I do wonder what would cause me to become important enough that my GMail account would be worth cracking for 3 straight days at 1000 requests/second.

Paranoia is a fun game to play, though.

Dracos

It's impossible not to be.  Do you have money?  Then you've become responsible for something available digitally that is important enough for someone to care.  Yay theft.

The thing is not 'hey, we are putting effort in'.  It's 'hey, here's a script-kiddy program that you point at annoying person's email and let it thrash in the background and boom, now you can send them obnoxiousness from their own account!'

E.g. childish trolls.  You don't have to be important to have them.

Jon

Toronto is the worst.

When the plane arrived in Toronto airspace, it had to turn around and fly to a different angle, due to weather. This took 20 minutes. Once we were on the ground, we waited at the gate for 40 minutes before the airport was willing to extend the bridge. I was supposed to be at my hotel by now; instead I'm waiting for my checked luggage.

Brian

Quote from: Dracos on May 03, 2012, 09:32:42 PM
It's 'hey, here's a script-kiddy program that you point at annoying person's email and let it thrash in the background and boom, now you can send them obnoxiousness from their own account!'

Or just send them tons and tons of hateful spam, yeah, I guess that's true. -_-;

alethiophile

Any site that isn't completely stupid will start throttling down authentication attempt rates after three or so, and/or present a CAPTCHA for further attempts. Online cracking of Gmail or a banking site, for instance, just isn't going to happen. That gizmo is assuming no structural entropy and offline hash checking with a relatively pathetic hashing algorithm, which is a combination that happens pretty much never. Sure, pessimistic assumptions lead to better security, but that thing was judging perfectly good passwords to be weak.

Dracos

Valid.

A password such as A$$R@ckTwen|y3 is a strong password.  But also providing the rest of good modern development, simply the potential that one of them will be a symbol or caps or number should be enough to make: HeyEverybodySoulridersRoxs a stronger password (Yes, the all common word does make it dictionary attack vulnerable but still).

Arakawa

#2398
Quote from: Jon on May 03, 2012, 11:03:38 PM
When the plane arrived in Toronto airspace, it had to turn around and fly to a different angle, due to weather. This took 20 minutes. Once we were on the ground, we waited at the gate for 40 minutes before the airport was willing to extend the bridge. I was supposed to be at my hotel by now; instead I'm waiting for my checked luggage.

On the bright side, you didn't get redirected to Hamilton due to flight delays. Having to zoom down the QEW on a bus at 3am would have been a hell of a bad first impression.

Arakawa

What's the concise term for 'a continuous carpet of dustbunnies an inch thick that you have the misfortune to be cleaning up'?