Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@Artemix why use salted password hashes? Better use my ms access database with my visual basic backend.
-
zshulu3758yOn a more serious note though, what do you think is a good way to assess passwords' strength? I don't like it when you have to check for several construction rules and analyse the string 17 times, so my way is to compute the password's entropy and compare it against some established acceptable thresholds.
-
@zshulu that makes more sense, perhaps penalty if the password is standard lists?
-
zshulu3758y@vortexman100 hashing passwords is another topic; we were discussing ways to assess their strength, for instance on clientside.
-
Huuugo25058y@zshulu the rules set actually tells the user how to improve the password strength. Your method could only say "make it harder to guess" which non-techies do not understand
-
We could explain how users get powned, and tell them to never reuse passwords and tell them why password manager is great (or book whatever floats your goat).
Something like a extra info button that when clicked says:
"Why do I need a secure password? Account information is leaked everyday, hackers acquire millions of usernames and passwords and try them on all popular services. If you reuse those, hackers can get in your important life stuff. Choose unique and long passwords because the cracking methods used by hackers take longer for difficult passwords" -
Root797678yComplexity rules don't really add much entropy, so they're pretty irrelevant. Scrap 'em.
Basically the only thing that matters is password length. (Though 256 lowercase a's isn't very good either...)
I'd check for runs of the same char (n>2) and a sensible minimum password length... maybe 20 chars? and of course linking to xkcd's correct horse battery staple to explain why.
And yes, a note about the dangers of password reuse!
... apologies, I am exhausted and falling asleep 😦😪 -
@Ashkin Sensible rules:
* Phrase must be longer than 20 chars.
* Advised, but not mandatory, to use special chars.
* Password can not literally be "correcthorsebatterystaple" -
I usually let my password manager generate a large amount of random characters... Or come up with a long but easy to remember phrase which logically includes special chars on its own.
Stuff like
"Subway tickets cost €1.25 after 9:30 am"
"I can juggle 4 potatoes when I'm drunk"
This type of websites need to chill 😄
undefined