The Guy Who Invented Passwords Says He's Sorry

[Hep Roc Heretic]

The guy who invented passwords says he's $0rry:

http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

 

[warpus]

He didn't "invent passwords"

He came up with some password-related standards that we use today. It's even right in the damn headline

 

[Kyriakos]

Well, yes, i am pretty sure he didn't invent spartan cryptic messages

 

[luiz]

The guy who invented passwords was probably named Nog and he lived in a cave.

 

[warpus]

Nonsense, it was a guy named Stephen Password

 

[Catharsis]

Pretty sure I invented passwords actually, the first password was "girls are smelly" and my sister never successfully guessed it, so she never got into my pillow fort

 

[Silurian]

The guy who invented passwords was probably named Nog and he lived in a cave.

Not sure about that

 

[Borachio]

Ah. Noggin the Nog. One of my very favourite Norsemen.

Poor old Oliver Postgate. His father incessantly told him he was no good. So as a response he produced some of the finest animation ever. Imo.

Which I doubt his father ever saw.

 

[Zelig]

He came up with some password-related standards that we use today.

He didn't even come up with any current-day standards. Best practice has surpassed his standards years ago.

 

[uppi]

He didn't even come up with any current-day standards. Best practice has surpassed his standards years ago.

That does not stop plenty of narrow-minded security people clinging to them.

But these would not be too bad if it was not for those who require a password change every 60 days. Whoever thought of that should really apologize.

 

[Perfection]

It'd be a heck of a lot simpler if we all just agreed to used the same password

 

[Silurian]

I use 123456789password

 

[Akka]

Well, I'm proud to notice that I already used the "new" good practice of "whole sentences as password" years before the guy "invented passwords"

 

[Traitorfish]

I'd honestly be more annoyed by a system demanding that my password be at least 16-characters long than one demanding I throw in a couple of special characters.

 

[BvBPL]

Too little, too late.

 

[Zelig]

I'd honestly be more annoyed by a system demanding that my password be at least 16-characters long than one demanding I throw in a couple of special characters.

That seems more like an emotional response than a logical one.

The human brain is simply better at remembering greater entropy more easily when it's comprised of natural language words rather than random characters.

e.g. a random 8-character ascii password ",&Mc {C:" has about equivalent (95^8) entropy as a 4-character diceware password "lend bon seethe crown" (7776^4).

 

[Borachio]

http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

Well, I don't know so much.

I can easily agree that the longer the password the harder it is to crack by brute force.

But if you're using words that appear in a dictionary, aren't you restricting your possibilities really substantially?

And if a computer program can "know" or "suspect" that you are, isn't that going to substantially improve its chances of cracking your password?

 

[Zelig]

And if a computer program can "know" or "suspect" that you are, isn't that going to substantially improve its chances of cracking your password?

Yes, but only if you measuring "improve chances of cracking versus a higher entropy password of equivalent character length". If you use the Diceware list you're adding 12.9 bits of entropy per word. You can add arbitrary entropy by adding more words. I don't think there's any way of adding equivalent entropy that's easier for humans to remember.

 

[civvver]

yeah my work laptop passwords are literally Password##. I'm up to Password55 currently. Cus they make us change it constantly. It's kind of dumb anyway, someone would need to physically possess my laptop to get on it, it's just a safeguard if I lose it I suppose.

Work issue iphone same deal, they make us update it like every month. Right now it's 222222 lol. Next month it'll be 333333 until we get to 999999 and I cannot reuse the last ten, then it'll probably be 121212 til I can reset. Again you'd need to physical posses my phone so I don't see the point of a lock.

 

[sophie]

yeah my work laptop passwords are literally Password##. I'm up to Password55 currently. Cus they make us change it constantly. It's kind of dumb anyway, someone would need to physically possess my laptop to get on it, it's just a safeguard if I lose it I suppose.

Work issue iphone same deal, they make us update it like every month. Right now it's 222222 lol. Next month it'll be 333333 until we get to 999999 and I cannot reuse the last ten, then it'll probably be 121212 til I can reset. Again you'd need to physical posses my phone so I don't see the point of a lock.

Better method for work pw generation: first person you meet at work in the morning, what you had for dinner the night before, current year