#31 | Expert Programmer
Actually changing your password "on a regular basis" can be just as bad as not changing them if someone is around to know exactly when you are going to do it... security through obscurity, mix things up a bit and do it at somewhat inconsistent intervals.
__________________
Clifford Matthew Roche <geek@cliffordroche.com> Web Hosting: http://www.crd-hosting.com Consulting: http://www.crdev-consulting.com |
#32 | Hobbyist Programmer
Quote:
__________________
"Time is an illusion. Lunchtime doubly so." -the late, great Douglas Adams |
#33 | Expert Programmer
haha, well the obscurity part still holds for coding
__________________
Clifford Matthew Roche <geek@cliffordroche.com> Web Hosting: http://www.crd-hosting.com Consulting: http://www.crdev-consulting.com |
#34 | Programming Guru
Quote:
__________________
Profanity is the one language that all programmers understand. Check out my Blog <---updated Nov 30 2007! |
#35 | PFO Founder
I don't normally change my passwords as I would never remember what I changed them to :ph34r:
__________________
BIG K aka Kyle Programming Forums Kyle K Online Please do not PM or email me programming questions. Post them in the forums instead. |
#36 | Expert Programmer
I was like that, you get used to it quickly though. You could always write them down and store them in a secure place... probably not that secure of an idea though.
__________________
Clifford Matthew Roche <geek@cliffordroche.com> Web Hosting: http://www.crd-hosting.com Consulting: http://www.crdev-consulting.com |
#37 | Programming Guru
Think about this, guys... the last password generator I wrote creates and validates passwords that contain 2 lowercase alphas, 2 uppercase alphas, 2 symbols, 2 digits and 2 randoms at 10 characters in length and randomly filled. The upper and lower alphas cannot be side by side to reduce chances of a dictionary attack.
I told my employer that we have effectively reduced security because the users will be writing their passwords down on their desks. Hell, when I wrote my own password to conform to the audit specs, just to confirm the password required me typing it into Notepad and copying and pasting it. At any rate, figured I'd add in the passwords from hell
__________________
http://jasonpowers.net "There are a thousand hacking at the branches of evil to one who is striking at the root." |
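The policy described in post #37, as an added example that is not the poster's code: a generator and validator for the 2+2+2+2+2 rule, plus a count of how many 10-character strings the rule still allows. The symbol set, the function names, and the reading of "cannot be side by side" as "no two letters adjacent" are assumptions.

```python
import math
import secrets
import string
from functools import lru_cache

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set; the post does not list one
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ANY = "".join(CLASSES)
LENGTH = 10


def validate(pw: str) -> bool:
    """Length 10, at least 2 characters of each class, no two letters adjacent."""
    if len(pw) != LENGTH or any(c not in ANY for c in pw):
        return False
    if any(sum(c in cls for c in pw) < 2 for cls in CLASSES):
        return False
    # Assumed reading of "cannot be side by side": no letter next to another letter.
    return not any(a.isalpha() and b.isalpha() for a, b in zip(pw, pw[1:]))


def generate() -> str:
    """2 per class + 2 from any class, shuffled with a CSPRNG; retry until valid."""
    rng = secrets.SystemRandom()
    while True:
        chars = [secrets.choice(cls) for cls in CLASSES for _ in range(2)]
        chars += [secrets.choice(ANY) for _ in range(2)]
        rng.shuffle(chars)
        if validate(pw := "".join(chars)):
            return pw


@lru_cache(maxsize=None)
def count_valid(pos=0, counts=(0, 0, 0, 0), prev_letter=False) -> int:
    """Count the strings validate() accepts (per-class counts are capped at 2)."""
    if pos == LENGTH:
        return int(all(n == 2 for n in counts))
    total = 0
    for i, cls in enumerate(CLASSES):
        is_letter = i < 2
        if is_letter and prev_letter:
            continue  # would put two letters side by side
        nxt = counts[:i] + (min(counts[i] + 1, 2),) + counts[i + 1:]
        total += len(cls) * count_valid(pos + 1, nxt, is_letter)
    return total


def policy_bits() -> tuple[float, float]:
    """(bits for any 10 chars from ANY, upper bound on bits under the policy)."""
    return LENGTH * math.log2(len(ANY)), math.log2(count_valid())
```

Comparing the two values from `policy_bits()` shows how much of the 10-character keyspace the composition rules remove, separate from the write-it-down problem the post raises.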
#38 | Programming Guru
those are always the best ones.
__________________
Profanity is the one language that all programmers understand. Check out my Blog <---updated Nov 30 2007! |
#39 | Expert Programmer
The problem is that if a password is too arbitrary, then there is no incentive for the user to remember the password; this is something you learn in your basic psychology course. Unless that person is using the password on a daily basis, and even when they are first given the password the process of moving such a string of characters from their short term to long term memory requires a lot of initial uses.... pay the person to write the password down 1,000 times over and you have solved the problem (but who really wants to do that.. lol).
On the other hand a password that is not nearly arbitrary enough is easy to crack if you know a few details about the person; I have done this for people who have asked me to recover old email passwords for them on a few occasions. Biometric authentication seems like an interesting way to go around the problem of course... you could always look into a technology I played around with some time ago kind of like biometric authentication (only not using biometrics) at: http://www.ibutton.com. Only problem with that of course is that they are like keys... you do not want to lose them, though they have taken a few measures to prevent this. At least if you lose it you know to change your access codes, but if you leak a password... you might not know until it is too late, that is of course if you know even then...
__________________
Clifford Matthew Roche <geek@cliffordroche.com> Web Hosting: http://www.crd-hosting.com Consulting: http://www.crdev-consulting.com |
#40 | Programming Guru
Passwords are always going to be the weak point in any system. Give a person some time and a whole bunch of CPU cycles and they're going to get in.
__________________
Profanity is the one language that all programmers understand. Check out my Blog <---updated Nov 30 2007! |