LumberJocks

All Replies on Password limitations

Password limitations

by RobinDobbie
posted 09-28-2018 02:21 AM


25 replies so far

MrUnix

7388 posts in 2595 days


#1 posted 09-28-2018 03:07 AM

I have a federal bank account that has the same limitation on passwords (letters + numbers only). The difference between letters + numbers only and letters + numbers + punctuation characters is not as much as you may think.

For an 8 character password:

Letters+numbers only = ~2.18 X 10^14 possibilities.
Add in punctuation = ~5.76 X 10^14 possibilities.

The characters used have nothing to do with saving a few bytes of data, since the password is represented the same internally regardless. But the exclusion of punctuation characters does make the web interface easier to code and easier to strip for malicious character sequences, thereby actually making it safer.

Cheers,
Brad

-- Brad in FL - In Dog I trust... everything else is questionable

RobinDobbie

147 posts in 2131 days


#2 posted 09-28-2018 06:10 AM

If we add just two more characters and add symbols to our little 8 character password, we theoretically lengthen the cracking time more than 70 fold over adding just two more alphanumeric characters.

If we have a 12 character password with symbols, it might take 170 times longer to crack than an alphanumeric password of the same length.

16 characters: more than 900 times improvement with symbols.

20 characters: more than 5000 times improvement with symbols.

So yes, symbols are every bit as important as I might think when I’m trying to come up with passwords with fewer characters to remember on sites that aren’t federal banks.

Redoak49

4007 posts in 2384 days


#3 posted 09-28-2018 10:56 AM

Who would want to crack someone’s password on LJ?

On a sensitive sign in for a bank, health related or credit cards, I understand. My passwords for forums are all pretty simple because there is nothing to protect.

RobinDobbie

147 posts in 2131 days


#4 posted 09-28-2018 11:40 AM



My passwords for forums are all pretty simple because there is nothing to protect.

- Redoak49

Well let’s just abandon passwords altogether, then ;-) Every time we get on the site we’re given a random user name.

MrUnix

7388 posts in 2595 days


#5 posted 09-28-2018 08:37 PM

If we add just two more characters and add symbols to our little 8 character password [...]
- RobinDobbie

Now you are on the right path… The lengthening of the password (eg: going from 8 to 10 characters) will give you an exponential increase, while adding characters to the available character set only gets you a linear one.

Cheers,
Brad

-- Brad in FL - In Dog I trust... everything else is questionable

RobinDobbie

147 posts in 2131 days


#6 posted 09-29-2018 12:59 AM


Now you are on the right path…

Thank fark I have you to tell me I’m on the right path.

My point wasn’t about lengthening the password. It was that for just about any given length of password one tries to remember, the effectiveness of the password is multiplied if it is merely allowed to contain symbols. The fun thing is, it might not even have to actually contain symbols to potentially waste some of a cracker’s time.

GR8HUNTER

6110 posts in 1108 days


#7 posted 09-29-2018 02:15 AM

no one is asking you to stay here if you don’t like it you are free to leave :<))

-- Tony---- Reinholds,Pa.------ REMEMBER TO ALWAYS HAVE FUN

Richard

11274 posts in 3428 days


#8 posted 09-29-2018 02:58 AM


no one is asking you to stay here if you don’t like it you are free to leave :<))

- GR8HUNTER

WHO is your slightly OFF Comment ”no one is asking you to stay here if you don’t like it you are free to leave” addressed to? The Author of this Post? Try clicking on the “Quote” word to highlight who YOU are addressing. Like I just did for yours.

-- Richard (Ontario, CANADA)

Redoak49

4007 posts in 2384 days


#9 posted 09-29-2018 11:19 AM

I understand making passwords stronger.

However, can someone tell me why a very strong password is needed for this site? Maybe someone hacks your account for fun, but what is there to gain since there is really no usable personal information?

RobinDobbie

147 posts in 2131 days


#10 posted 09-29-2018 11:43 AM

If you’d have read my original post you’d know that all I was suggesting was no limitations on password creation. If you don’t want a “very strong” password, don’t bother with one. I’ll admit I certainly haven’t. But why not have as good a password as you can get with whatever length you have chosen?

Chris Cook

328 posts in 2677 days


#11 posted 09-29-2018 12:39 PM



I understand making passwords stronger.

However, can someone tell me why a very strong password is needed for this site? Maybe someone hacks your account for fun, but what is there to gain since there is really no usable personal information?

- Redoak49

read up on how hackers stair-step through accounts to get to your accounts that are really sensitive. You’d be amazed at how losing your LJ account to a hacker could lead to compromising all your accounts.

-- Chris, "all we are is sawdust in the dust collector""

Redoak49

4007 posts in 2384 days


#12 posted 09-29-2018 02:03 PM

That is very interesting about how a hacker could use my LJ account to compromise my other accounts.

Could you briefly explain how? My passwords for sensitive accounts are just random letters, numbers and symbols and nothing like my LJ account.

Do you have any examples of how this was done to an LJ member?

Maybe I should change my LJ password from “Password”?

GR8HUNTER

6110 posts in 1108 days


#13 posted 09-29-2018 03:03 PM


That is very interesting about how a hacker could use my LJ account to compromise my other accounts.

Could you briefly explain how? My passwords for sensitive accounts are just random letters, numbers and symbols and nothing like my LJ account.

Do you have any examples of how this was done to an LJ member?

Maybe I should change my LJ password from “Password”?

- Redoak49


LOL now you know that’s not your password ….. it is redoak49 LOL :<)))))))

-- Tony---- Reinholds,Pa.------ REMEMBER TO ALWAYS HAVE FUN

oldnovice

7487 posts in 3763 days


#14 posted 09-29-2018 06:02 PM

Another breach on Facebook, so what?

I am bewildered that people actually keep confidential information on a site like Facebook.
In my opinion Facebook is just another ”Lumberjocks like” site, why would you keep confidential information on either?

-- "I never met a board I didn't like!"

Jack Lewis

442 posts in 1474 days


#15 posted 11-08-2018 06:29 PM

Nowadays hackers have programs that run all possibilities of password combinations beginning with “a” through any number of characters. It takes time for the program to run and what would they gain by hacking LJ?

I figure if they take the time and trouble to hack my identity, they can have it, bills and all! If they charge something to me and it can’t/won’t correct, to hell with them. I am old enough that before a court could assess me a bill I will pass away anyway. They can’t hack my cash.

-- "PLUMBER'S BUTT! Get over it, everybody has one"

Richard

11274 posts in 3428 days


#16 posted 11-25-2018 11:41 PM



Another breach on Facebook, so what?

I am bewildered that people actually keep confidential information on a site like Facebook.
In my opinion Facebook is just another ”Lumberjocks like” site, why would you keep confidential information on either?

- oldnovice

FACEBOOK is just out to grab all it can. There is NOTHING Private on that Site! There are 1 or 2 people on here that are Addicted to Facebook! We have too many “Social Connections” on here! Everything from here goes on those “Lonely Heart” Connections. Get Rid Of Them!

-- Richard (Ontario, CANADA)

Richard

11274 posts in 3428 days


#17 posted 11-25-2018 11:46 PM



no one is asking you to stay here if you don’t like it you are free to leave :<))

- GR8HUNTER

-- Richard (Ontario, CANADA)

TheFridge

10858 posts in 1882 days


#18 posted 11-26-2018 12:04 AM

I really like peanut butter

-- Shooting down the walls of heartache. Bang bang. I am. The warrior.

000

2859 posts in 1295 days


#19 posted 11-26-2018 12:12 AM



I really like Alder butter

- TheFridge

Fixed.
(what were you thinking?)

GR8HUNTER

6110 posts in 1108 days


#20 posted 11-26-2018 12:47 AM


I really like Alder butter

- TheFridge

Fixed.
(what were you thinking?)

- jbay


BAHAHAAHAHAHAHA :<)))))))))))))

-- Tony---- Reinholds,Pa.------ REMEMBER TO ALWAYS HAVE FUN

BroncoBrian

875 posts in 2354 days


#21 posted 11-26-2018 02:37 AM



I really like peanut butter

- TheFridge

Finally something worth reading. I am going to have an apple with peanut butter right now on my Alder serving platter.

FYI – People often think of a short set of random characters like “*K>#)0$j4” as super secure, but a long string of memorable words like “golfkangaroocrispyhalitosis” is actually stronger.

The reason has everything to do with password entropy: a representation of how much uncertainty there is in a password. This translates to how computationally difficult a password is to crack. Simply put, adding length increases entropy more efficiently than replacing letters with symbols.

-- A severed foot is the ultimate stocking stuffer.
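
Added example, not part of any post in the thread: the charset-versus-length arithmetic discussed in posts #1, #2, #5 and #21, worked through in Python. The set sizes (62 alphanumeric, 70 for alphanumeric plus eight punctuation marks, 95 printable ASCII) are assumptions chosen because they reproduce the figures quoted above, and every number assumes each character is picked uniformly at random.

```python
import math

ALNUM, ALNUM_PUNCT, PRINTABLE = 62, 70, 95   # assumed character-set sizes

def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length

def bits(charset_size, length):
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(charset_size)

def symbol_advantage(length, big=PRINTABLE, small=ALNUM):
    """How many times larger the search space is when symbols are allowed."""
    return keyspace(big, length) / keyspace(small, length)

def alnum_length_to_match(length, big=PRINTABLE, small=ALNUM):
    """Shortest alphanumeric length whose keyspace covers a `length`-char
    password drawn from the larger set (exact integer comparison)."""
    target = keyspace(big, length)
    m = length
    while keyspace(small, m) < target:
        m += 1
    return m

def report(lengths=(8, 10, 12, 16, 20)):
    rows = []
    for n in lengths:
        rows.append((n, round(bits(ALNUM, n), 1), round(bits(PRINTABLE, n), 1),
                     round(symbol_advantage(n)), alnum_length_to_match(n)))
    return rows

if __name__ == "__main__":
    print("len  bits(62)  bits(95)  advantage  alnum length to match")
    for n, b62, b95, adv, m in report():
        print(f"{n:>3}  {b62:>8}  {b95:>8}  {adv:>8}x  {m:>5}")
    # Post #21's two strings, treated as random characters (an assumption:
    # guessing whole dictionary words would lower the second figure).
    short = bits(PRINTABLE, len("*K>#)0$j4"))
    long_ = bits(26, len("golfkangaroocrispyhalitosis"))
    print(f"9 chars from 95: {short:.1f} bits; 27 lowercase letters: {long_:.1f} bits")
```

The last column shows the practical cost of an alphanumeric-only rule: one or two extra characters recover what the missing symbols would have provided.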

TheFridge

10858 posts in 1882 days


#22 posted 11-26-2018 03:25 AM

Thank you for the correction JB

You lost me at computationally difficult but it sounded smart :) and you like alder so you got my vote

-- Shooting down the walls of heartache. Bang bang. I am. The warrior.

woodbutcherbynight

5966 posts in 2805 days


#23 posted 11-27-2018 05:39 AM

computationally, entropy

where are the phasers?????

LOL

-- Live to tell the stories, they sound better that way.

fuigb

559 posts in 3353 days


#24 posted 11-27-2018 12:27 PM

To the original point: punctuation and spaces can be problems for software because they are commonly used as delimiters, i.e. signal that one variable/field has ended and another has begun. “So what” might say a user, but the problems caused by these can bring some systems to a halt. Why is it a bad idea to flush golf balls down the toilet? Because the plumbing isn’t designed to accommodate them. Why no punctuation in passwords here? Similar reason.

-- - Crud. Go tell your mother that I need a Band-aid.

sparticvs

10 posts in 1302 days


#25 posted 11-27-2018 01:09 PM

The no spaces and punctuation was because in the ‘00s, developers didn’t know how to use parameterized queries with the database to limit injection attacks. Things just broke when they entered spaces, so how do you get around it? Fix the programming flaw? No, just say no spaces and other punctuation that breaks it. General best practices are that you don’t ever actually store the secret, you store a representation of the secret that is a result of a one way function. In that case, no character actually matters to the storage, since it is all normalized.

When someone said, “why does it matter, it’s just LJ” that is because people who have gained trust in the community and post a lot are likely to be the target of spammers that are looking to access accounts and change URLs in posts to point to infected things. It’s no longer about “what” is getting hacked, it’s about what that now enables an adversary to accomplish.
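
Added example, not part of the post above and not LumberJocks code: the two points from post #25 side by side, using Python's `sqlite3` and `hashlib`. The table layout, function names, sample passwords and PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumed work factor for this example

def hash_password(password, salt):
    # One-way function: the output is always 32 bytes, whatever characters
    # the password contained, so storage never sees punctuation at all.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register_concatenated(db, name, password):
    # The flawed pattern: the plaintext password is spliced into the SQL text,
    # so a quote character in it changes the statement itself.
    db.execute("INSERT INTO users VALUES ('" + name + "', NULL, '" + password + "')")

def concatenated_breaks(password):
    """True if the string-built INSERT fails for this password."""
    try:
        register_concatenated(make_db(), "constructed_user", password)
    except sqlite3.Error:
        return True
    return False

def register(db, name, password):
    # Parameterized query: values travel separately from the SQL text,
    # and only a salt and a hash are stored.
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))

if __name__ == "__main__":
    pw = "it's 5 o'clock; time to \"plane\" boards!"   # constructed sample
    print("string-built query breaks:", concatenated_breaks(pw))
    db = make_db()
    register(db, "constructed_user", pw)
    print("parameterized + hashed verifies:", verify(db, "constructed_user", pw))
```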
