Personally I love it, however I will never ever be able to employ it on our company website.
However, the concept of incentivizing the password entry field has inspired me. Instead of something risqué like nudity, how about offering a coupon off your first order (works for a commerce or service-based site). I.e., as they type, gradually increase a % from 1 to 5 (or higher, whatever you're willing to offer).
I.e., a progression like:
|asdf |
|asdf12 | %1 off first order coupon
|asdf12KL | %2 off first order coupon
|asdf12KL.!| %5 off first order coupon
That's a very smart idea. Even if you cannot give discounts, maybe you can give out free support, extra services (e.g. extra storage for a Dropbox-like service).
In addition to the business cost of giving away discounts, are you accounting for the business cost of increased support incidents for forgotten passwords?
Instead, the mechanism is, let's distribute pixel art of naked ladies to incentivize instead of teaching/demonstrating.
Do you take offense at the fake "flies" they stick into urinals to focus men's attention?
I suspect the "naked lady" (which looks nothing like the real deal - I know, I have a kid) isn't so much the point here as the ability of a changing graphic to play the role of the aforementioned fly. I prefer the "discounts" idea raised elsewhere in the thread though.. a discount's more use to me than a heavily pixellated "babe" ;-)
A sense of humour bypass alert applies to these comments:
I'm afraid I found this a bit confusing -- my initial thought was that more nakedness might be associated with vulnerability/exposure, and therefore indicate password weakness.
And aside from any sexism, making strong passwords NSFW might not have the desired effect.
This is cute, but personally, I've never been a fan of password character requirements. Laissez-faire, and all that...the Internet has no business telling me how to secure my profiles!
I agree, and I really hate it when sites require specific formats for passwords. However this is just a password strength meter (even if it's a poor one) and not forcing anything on the user.
Well, some websites do have some business telling you your password isn't secure enough. If someone cracks your bank password, the bank is liable for the money lost.
Handling of special characters could use some improvement. For instance, "Hello" (no quotes) has her in her underwear, but with "<H;>/", she still has pants on. That said, this site is more about the presentation than the algorithmic implementation; I'm sure someone will fork her on GitHub and teach her to keep her clothes on longer.
While it seems like there could be some issues with this in a (particularly conservative) workplace, I think the concept is great: give users some incentive to practice safe passwording.
That's probably one of the best comments to demonstrate the "engineer spirit": no quibble about the sexism claims, the quality of the pixel art, or if it's a good way to make people pick good passwords... Mere optimization.
Sure, your shell account, bank website, eBay/Amazon password should be very secure, secure to the point of not needing to be prompted, but does every site on the net, i.e. your blog, Twitter, etc., need to have a min of 8 characters w/ at least one number and one capital?
Oh, agree with everyone here on the creepiness factor here...
I've seen many users typing their birth year, their first name or just "123qwe" as their password. Way more than I'd ever expected.
I really doubt they understood the possible consequences. Restricting is unacceptable, but warning against using a seemingly insecure password should be perfectly fine.
This site illustrates one of my pet peeves with "password strength" meters: punctuation doesn't increase your score. Mixed case does, numbers do, but punctuation doesn't.
Correction: some punctuation does, but most don't.
[+] [-] giberson|15 years ago|reply
[+] [-] tsycho|15 years ago|reply
[+] [-] pavel_lishin|15 years ago|reply
[+] [-] T-hawk|15 years ago|reply
(Good idea though)
[+] [-] knowtheory|15 years ago|reply
What is with HN recently? I just do not understand why the uber-creep factor is out in force.
Even if the image set is replaceable and you don't have to use a naked lady, that is the default demo, and the stated objective of the site is Strong Password == Naked Lady.
Aside from the blatant sexist targeting, this is trying to take advantage of entirely the wrong impulse. Associating a strong password with the human drive for porn doesn't actually encourage any better understanding of strong passwords or why they should be used.
If this were to be something like 'pwnyourpassword', and demonstrate how easy it'd be to crack your password w/ a dictionary attack, then this wouldn't be either as exploitative or crass.
Instead, the mechanism is, let's distribute pixel art of naked ladies to incentivize instead of teaching/demonstrating.
Yeah, that's the society I want to live in. :|
[+] [-] BoppreH|15 years ago|reply
"betterpassword" -> "This password would take 15 seconds to crack"
"S89&;al(l_2z0Z¨" -> "This password would take 56 years to crack"
Security by fear?
[+] [-] drdaeman|15 years ago|reply
So, yes, "2tcUKstR" (which I've just generated with `openssl rand -base64 6`) is considered less secure than "Aa1!!".
Well, the good thing is that they're just making suggestions about the password's quality, not enforcing it. It really pissed me off when one site declined to accept a password and said it was "insecure" just because I was using base64, and (by chance) the password did not contain any non-alphanumeric characters. I've also seen another site which rejected "/" in passwords, insisting on /^[A-Za-z0-9]$/ only.
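Added example, not part of the thread and not the demo site's scoring code: a hypothetical checklist meter (one point per character class) next to a search-space estimate, run on the two passwords quoted in the comment above. The function names and class sizes are assumptions, and the bit estimate is only meaningful for passwords whose characters were chosen at random.

```javascript
// Added example: a hypothetical checklist meter vs. a search-space estimate.
// Neither function is the demo site's code; class sizes assume printable ASCII.
const CLASSES = [
  { name: "lower", re: /[a-z]/, size: 26 },
  { name: "upper", re: /[A-Z]/, size: 26 },
  { name: "digit", re: /[0-9]/, size: 10 },
  { name: "punct", re: /[^A-Za-z0-9]/, size: 32 },
];

// Checklist meter (assumed design): one point per character class present,
// regardless of length. It reproduces the ranking reported in the comment.
function checklistScore(pw) {
  return CLASSES.filter((c) => c.re.test(pw)).length;
}

// Upper bound on guessing work in bits: length * log2(alphabet in use).
// Only valid if every character was drawn at random from that alphabet.
function searchSpaceBits(pw) {
  const alphabet = CLASSES.filter((c) => c.re.test(pw))
    .reduce((n, c) => n + c.size, 0);
  return alphabet === 0 ? 0 : pw.length * Math.log2(alphabet);
}

// Exact entropy when the generator is known: `openssl rand -base64 6`
// encodes 6 random bytes, so its output carries 48 bits.
function generatorBits(randomBytes) {
  return randomBytes * 8;
}

// Pairs that the checklist ranks one way and the bit estimate the other.
function rankingInversions(passwords) {
  const rows = passwords.map((pw) => ({
    pw, score: checklistScore(pw), bits: searchSpaceBits(pw),
  }));
  const out = [];
  for (const a of rows) {
    for (const b of rows) {
      if (a.score > b.score && a.bits < b.bits) {
        out.push({ scoredHigher: a.pw, largerSearchSpace: b.pw });
      }
    }
  }
  return out;
}

// The two passwords quoted in the comment above.
console.log(rankingInversions(["Aa1!!", "2tcUKstR"]));
console.log(searchSpaceBits("Aa1!!").toFixed(1), searchSpaceBits("2tcUKstR").toFixed(1));
```

For a human-chosen password the search-space figure is an overestimate, since dictionary words and keyboard patterns are guessed long before the full space is exhausted.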
[+] [-] petercooper|15 years ago|reply
[+] [-] wonderzombie|15 years ago|reply
Flagged.
[+] [-] ryandvm|15 years ago|reply
72 ^ 5 = 1,934,917,632
Good luck brute-forcing that. 5 characters is plenty secure.
[+] [-] there|15 years ago|reply
and yet:
clothed to naked with just "1!aAA" :|
so you clearly spent some time trying to get it to display the naked lady even after you knew what it was. creep.
[+] [-] gmac|15 years ago|reply
[+] [-] aba_sababa|15 years ago|reply
[+] [-] city41|15 years ago|reply
[+] [-] jimmyk|15 years ago|reply
[+] [-] michaelcgorman|15 years ago|reply
[+] [-] alanh|15 years ago|reply
[+] [-] CodeMage|15 years ago|reply
[+] [-] bittermang|15 years ago|reply
[+] [-] rmc|15 years ago|reply
[+] [-] petercooper|15 years ago|reply
[+] [-] teuobk|15 years ago|reply
[+] [-] biot|15 years ago|reply
[+] [-] pluies|15 years ago|reply
[+] [-] shrikant|15 years ago|reply
Can someone please explain what this is supposed to be...?
[+] [-] djhomeless|15 years ago|reply
[+] [-] drdaeman|15 years ago|reply
[+] [-] drdaeman|15 years ago|reply
[+] [-] tzs|15 years ago|reply
[+] [-] bryanlarsen|15 years ago|reply
[+] [-] 51Cards|15 years ago|reply
[+] [-] rubyskills|15 years ago|reply
[+] [-] 9ec4c12949a4f3|15 years ago|reply
[deleted]
[+] [-] jwcacces|15 years ago|reply