Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Kimmax111067yForcing to include at least one special char makes it weaker against brute forcing. Now you do know that at least one character is not a-Z, nor 0-9, which already reduces possible combinations.
It kinda works against stupid simple passwords tho. However I bet that 95% of these passwords just get a 'special char' appended. And with special char I mean ! -
@Kimmax It doesn't make it weaker, if you append a special char, only, if you replace another character by it. ;)
Adding characters to a password always makes it stronger (appending [.-_!,?] (these are probably the effectively used special characters by most users, not all actually available chars) just doesn't increase its strength as much as appending [\w]). -
Kimmax111067y@theCalcaholic let's say you force againstโ 6-12 chars, it does make it weaker, because you can rule down the possible characters of at least one position. This gets worse if you say "At least one special, one upper case and a number" now you know that one field won't have anything else than 0-9, one won't have anything else than a uppercase letter A-Z (excluding possible non ASCII characters, like Ä, for simplicity)
It's all about getting the possible combinations up to harden against brute force. So in that sense, a 6-12 character password with no enforced public requirements is stronger than one with restrictions
Rainbow Tables and other precomputed hash tables are another story tho -
xorith27467yI'm going to start using complementary phrases as passwords. Not only will I create a positive atmosphere for myself, but if I am compromised, perhaps the hacker will take the complement instead of my identity.
-
@Kimmax Okay, that's correct. I don't see the reason for character limitations for passwords anyways (except DDOS protection, but I don't need a fucking 8 character limit - I'd say anything bigger than 30 is reasonable).
-
b3b343777yMy passwords contain 27 up to 32 characters. If I want to sign up for a website and get an error that I'm not allowed to use this much chars I always quit. I can't think of passwords this short. I'm too creative for this world I guess ๐ข
-
Never use special characters because you're vulnerable to all the crackers that assume you used them.
-
@mzeffect Ts... Just randomly generate everything in the pattern '.{12,30}'. :P
-
kiclamtu0192dWhat are the potential implications of enforcing the inclusion of at least one special character in passwords, particularly in terms of its impact on password strength against brute force attacks?
Always include special characters
joke/meme