99 random chars
cap, low, numbers, symbols
In a world of millions upon millions of leaked account details and password hashes being reversed (MD5, SHA1) and rainbow tables making people's lives easier, why would you not want to make a password as complicated as possible?
Also, if you're using stupid pA$$W0Rds! That will be used in a brute force attack anyway, that's your problem.
h4xx3r17012y
Please, evolve by using a password manager and remember only 1 password.
Aren't password managers single point of failure? Someone gets access to it and now they can get into your bank, e-mail, paypal and other stuff.
I like to use a fixed calculation rule, so I don't have to remember anything nor use any pwd generator.
Like for example: substitute url vowels with o, first letter uppercase, add .0.
For devrant.com would be:
pass 98% of tests
And when they have a max length so you are in the middle of typing a long password to fit all the stupid requirements then you look up and it's stopped you at 3 characters.
acz09034132y
The best way to make a password secure is to make it as long as possible. Here's an easy way to generate pseudo-random passwords that can be generated on-the-fly:
Example: imagine you want a password for your Google account. Goo somehow looks like 600, and glE somehow looks like 913.
Those two numbers, 600 and 913, are your seed, and they are the only thing you need to remember.
Now, construct a sequence of numbers using the Fibonacci method (N[i] = N[i-1] + N[i-2]) and the chosen seed:
600, 913, 1513, 2426, 3939, 6365, 10304, 16669, 26973
Now put those numbers together and you have your random password:
It's impossible to reconstruct it without knowing your seed, the digit distribution is random, and DUE TO ITS LENGTH, brute-force trials won't discover it even though you are using only digits (they DON'T KNOW that). Adding a special character to that string doesn't make it any more secure.
I'd still be ok with the instructions, only if they display the instructions also while I'm typing in the password to login. I'm sure I can crack my own password.
Forgot password is a nice way to waste time. People working on startup ideas (especially workplace productivity) have a really good problem at hand to solve. And no saved passwords is not the way (insecure to say the least).
h0ru5912y
I feel you.
setting up rules like those doesn't cause passwords to be safer. they just give the boundaries for rainbow tables.
but they block high entropy, easy memorizable techniques like diceware.
basically "long, simple passwords" will outperform cryptic short ones.
IMO maximum length is the worst idea ever (just hash it!), and believe it or not there are still people/organizations forcing you to change your password every x weeks.
luckily, we see a growing adoption of "magic links", 2FA and "sign in with..."
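
The search-space sizes behind the Fibonacci-seed comment and the composition-rules/diceware comment above, as an added example that is not code from any commenter. Assumptions: printable ASCII class sizes (26/26/10/32), a 7776-word diceware list, and for the seed-based figure that the scheme and its nine terms are known to whoever is guessing.

```python
import math
from itertools import combinations

# Class sizes for the rant's rule "cap, low, numbers, symbols" (assumed: printable ASCII).
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 32}

def bits(n):
    """Entropy in bits of a uniform choice among n possibilities."""
    return math.log2(n)

def count_with_all_classes(length):
    """Strings of `length` with at least one char from every class (inclusion-exclusion)."""
    sizes = list(CLASSES.values())
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            count += (-1) ** k * (total - sum(excluded)) ** length
    return count

def fib_sequence(a, b, terms=9):
    """N[i] = N[i-1] + N[i-2], started from the two-number seed."""
    seq = [a, b]
    while len(seq) < terms:
        seq.append(seq[-1] + seq[-2])
    return seq

def fib_password(a, b, terms=9):
    """Concatenate the sequence into one digit string, as the comment describes."""
    return "".join(str(n) for n in fib_sequence(a, b, terms))

def report():
    """Bits of entropy for each scheme mentioned in the thread."""
    pw = fib_password(600, 913)
    return {
        "8 chars, any of 94": bits(94 ** 8),
        "8 chars, all 4 classes required": bits(count_with_all_classes(8)),
        "diceware, 6 words": bits(7776 ** 6),
        "fibonacci, judged by digit count": bits(10 ** len(pw)),
        # Assumption: scheme known, seed is two 3-digit numbers.
        "fibonacci, judged by seed": bits(1000 ** 2),
        "99 chars, any of 94": bits(94 ** 99),
    }

if __name__ == "__main__":
    for name, b in report().items():
        print(f"{name:36s} {b:7.1f} bits")
```

The two Fibonacci rows differ because a derived password is only as unpredictable as the secret it is derived from; the composition-rule row is smaller than the unrestricted 8-character row because every mandatory class removes candidates.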