LumberJocks

Password limitations

  • Advertise with us

« back to LumberJocks.com Site Feedback forum

Forum topic by RobinDobbie posted 09-28-2018 02:21 AM 1114 views 0 times favorited 25 replies Add to Favorites Watch
View RobinDobbie's profile

RobinDobbie

147 posts in 2155 days


09-28-2018 02:21 AM

“1 error prohibited this account from being saved
There were problems with the following fields:

Password may contain only letters and numbers – no spaces or punctuation allowed”

I think its important to not have any limitations on how a password can be constructed, except maybe length. But even that seems to be a weird way to save a few bytes of data in 2018.


25 replies so far

View MrUnix's profile (online now)

MrUnix

7405 posts in 2618 days


#1 posted 09-28-2018 03:07 AM

I have a federal bank account that has the same limitation on passwords (letters + numbers only). The difference between letters + numbers only and letters + numbers + punctuation characters is not as much as you may think.

For an 8 character password:

Letters+numbers only = ~2.18 X 10^14 possibilities.
Add in punctuation = ~5.76 X 10^14 possibilities.

The characters used have nothing to do with saving a few bytes of data, since the password is represented the same internally regardless. But the exclusion of punctuation characters does make the web interface easier to code and easier to strip for malicious character sequences, thereby actually making it safer.

Cheers,
Brad

-- Brad in FL - In Dog I trust... everything else is questionable

View RobinDobbie's profile

RobinDobbie

147 posts in 2155 days


#2 posted 09-28-2018 06:10 AM

If we add just two more characters and add symbols to our little 8 character password, we theoretically lengthen the cracking time more than 70 fold over adding just two more alphanumeric characters.

If we have a 12 character password with symbols, it might take 170 times longer to crack than an alphanumeric password of the same length.

16 characters: more than 900 times improvement with symbols.

20 characters: more than 5000 times improvement with symbols.

So yes, symbols are every bit as important as I might think when I’m trying to come up with passwords with fewer characters to remember on sites that aren’t federal banks.

View Redoak49's profile

Redoak49

4043 posts in 2408 days


#3 posted 09-28-2018 10:56 AM

Who would want to crack someone’s password on LJ?

On a sensitive sign in for a bank, health related or credit cards, I understand. My passwords for forums are all pretty simple because there is nothing to protect.

View RobinDobbie's profile

RobinDobbie

147 posts in 2155 days


#4 posted 09-28-2018 11:40 AM



My passwords for forums are all pretty simple because there is nothing to protect.

- Redoak49

Well let’s just abandon passwords altogether, then ;-) Every time we get on the site we’re given a random user name.

View MrUnix's profile (online now)

MrUnix

7405 posts in 2618 days


#5 posted 09-28-2018 08:37 PM

If we add just two more characters and add symbols to our little 8 character password [...]
- RobinDobbie

Now you are on the right path… The lengthening of the password (eg: going from 8 to 10 characters) will give you an exponential increase, while adding characters to the available character set only gets you a linear one.

Cheers,
Brad

-- Brad in FL - In Dog I trust... everything else is questionable

View RobinDobbie's profile

RobinDobbie

147 posts in 2155 days


#6 posted 09-29-2018 12:59 AM


Now you are on the right path…

Thank fark I have you to tell me I’m on the right path.

My point wasn’t about lengthening the password. It was that for just about any given length of password one tries to remember, the effectiveness of the password is multiplied if it is merely allowed to contain symbols. The fun thing is, it might not even have to actually contain symbols to potentially waste some of a cracker’s time.

View GR8HUNTER's profile

GR8HUNTER

6220 posts in 1132 days


#7 posted 09-29-2018 02:15 AM

no one is asking you to stay here if you dont like it you are free to leave :<))

-- Tony---- Reinholds,Pa.------ REMEMBER TO ALWAYS HAVE FUN

View Richard's profile

Richard

11274 posts in 3452 days


#8 posted 09-29-2018 02:58 AM


no one is asking you to stay here if you don’t like it you are free to leave :<))

- GR8HUNTER

WHO is your slightly OFF Comment ”no one is asking you to stay here if you don’t like it you are free to leave” addressed to? The Author of this Post? Try clicking on the “Quote” word to highlight who YOU are addressing. Like I just did for yours.

-- Richard (Ontario, CANADA)

View Redoak49's profile

Redoak49

4043 posts in 2408 days


#9 posted 09-29-2018 11:19 AM

I understand making passwords stronger.

However, can someone tell me why a very strong password is needed for this site. Maybe someone hacks your account for fun but what is their to gain since there is really no usable personal information.

View RobinDobbie's profile

RobinDobbie

147 posts in 2155 days


#10 posted 09-29-2018 11:43 AM

If you’d have read my original post you’d know that all I was suggesting was no limitations on password creation. If you don’t want a “very strong” password, don’t bother with one. I’ll admit I certainly haven’t. But why not have as good a password as you can get with whatever length you have chosen?

View Chris Cook's profile

Chris Cook

328 posts in 2700 days


#11 posted 09-29-2018 12:39 PM



I understand making passwords stronger.

However, can someone tell me why a very strong password is needed for this site. Maybe someone hacks your account for fun but what is their to gain since there is really no usable personal information.

- Redoak49

read up on how hackers stair-step through accounts to get to your accounts that are really sensitive. You’d be amazed at how losing your LJ account to a hacker could lead to compromising all your accounts.

-- Chris, "all we are is sawdust in the dust collector""

View Redoak49's profile

Redoak49

4043 posts in 2408 days


#12 posted 09-29-2018 02:03 PM

That is very interesting about how a hacker could use my LJ account to compromise my other accounts.

Could you briefly explain how? My passwords for sensitive accounts are just random letters, numbers and symbols and nothing like my LJ account.

Do you have any examples of how this was done to an LJ member?

Maybe I should change my LJ password from “Password”?

View GR8HUNTER's profile

GR8HUNTER

6220 posts in 1132 days


#13 posted 09-29-2018 03:03 PM


That is very interesting about how a hacker could use my LJ account to compromise my other accounts.

Could you briefly explain how? My passwords for sensitive accounts are just random letters, numbers and symbols and nothing like my LJ account.

Do you have any examples of how this was done to an LJ member?

Maybe I should change my LJ password from “Password”?

- Redoak49


LOL now you know that not your password ….. it is redoak49 LOL :<)))))))

-- Tony---- Reinholds,Pa.------ REMEMBER TO ALWAYS HAVE FUN

View oldnovice's profile

oldnovice

7487 posts in 3787 days


#14 posted 09-29-2018 06:02 PM

Another breach on Facebook, so what?

I am bewildered that people actually keep confidential information on a site like Facebook.
In my opinion Facebook is just another ”Lumberjocks like” site, why would you keep confidential information on either?

-- "I never met a board I didn't like!"

View Jack Lewis's profile

Jack Lewis

452 posts in 1498 days


#15 posted 11-08-2018 06:29 PM

Now days hackers have programs that run all possibilities of password combinations beginning with “a” through any number of characters. It takes time for the program to run and what would they gain by hacking LJ?

I figure if they take the time and trouble hack my indenity, they can have it bills and all! If they charge something to me and it can’t/wont correct, to hell with them. I am old enough that before a court could assess me a bill I will pass away anyway. They can’t hack my cash.

-- "PLUMBER'S BUTT! Get over it, everybody has one"

showing 1 through 15 of 25 replies

Have your say...

You must be signed in to reply.

DISCLAIMER: Any posts on LJ are posted by individuals acting in their own right and do not necessarily reflect the views of LJ. LJ will not be held liable for the actions of any user.

Latest Projects | Latest Blog Entries | Latest Forum Topics

HomeRefurbers.com