top | item 34101464

anewguy9000 | 3 years ago

i'm sorry, what point are you making?

if it's that "dog" is a weak password, i thought that was evident. but many people seem confused that "horseloverwhatever" is more secure, similarly that "dog23!Wog" is more secure. my point is they are equally trash so leave the user alone

lucb1e|3 years ago

> if it's that "dog" is a weak password, i thought that was evident

You're confusing me. First you say that "dog" is just as strong as any other password, now you say that it should have been evident that it's a weak password. Which is it?

> my point is they are equally trash

This again sounds contradictory, but this time within one comment. First you say that horseloverwhatever is stronger than dog, but then that they are equally "trash".

anewguy9000|3 years ago

i meant others commonly assume horseloverwhatever is more secure.

to be more clear,

1. dog is weak
2. horseloverwhatever is weak
3. 8randoms! is weak
4. therefore, dog is as good as horseloverwhatever or 8randoms!
5. most account compromises do not even require a brute force (shoddy practices on the backend) making the complexity requirements pointlessly burdensome on the user
6. in cases where you want a password to resist a legitimate brute force, we need to talk about passphrases (ie > 50 chars) or passwordless

what do you think?

chordalkeyboard|3 years ago

short passwords are still a security weakness even when properly stored because the time necessary to brute force them is relatively low.

anewguy9000|3 years ago

i agree. but most sites that enforce a policy (8 chars, symbols, etc) are bruted just as easily. we need to take a step, away from passwords, to secure against brute force in 2022

danrocks|3 years ago

also: rainbow tables