![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
pecuniumIs anyone else having the LJ server warn them that their password is too easy to guess?
It isn't as if I've used a dictionary word, or my birthday, or even a short word (and after this I'm going to change it).
No, I have a compound set of words, totalling nine characters. My damned back yells at me because I have a password for my PIN which is too long (and may be why I had trouble getting money in Ukraine, come to think of it. They said something about overseas machines not liking PINs longer than four digits. I can live with that), it isn't as if I am completely clueless about the issue.
I didn't mind them telling me about it yesterday, but Christ on a Crutch, telling me about it every time I post an entry is damned annoying. I saw it the first time. I'm an adult. I think I can be allowed to make up my mind about something like this, without having to put up with being nagged like a toddler to pick up his toys.
(edit)
It seems, they now insist in the inclusion of a number. My use of a space, I guess, isn't as secure as randomly tossing in a digit.
It isn't as if I've used a dictionary word, or my birthday, or even a short word (and after this I'm going to change it).
No, I have a compound set of words, totalling nine characters. My damned back yells at me because I have a password for my PIN which is too long (and may be why I had trouble getting money in Ukraine, come to think of it. They said something about overseas machines not liking PINs longer than four digits. I can live with that), it isn't as if I am completely clueless about the issue.
I didn't mind them telling me about it yesterday, but Christ on a Crutch, telling me about it every time I post an entry is damned annoying. I saw it the first time. I'm an adult. I think I can be allowed to make up my mind about something like this, without having to put up with being nagged like a toddler to pick up his toys.
(edit)
It seems, they now insist in the inclusion of a number. My use of a space, I guess, isn't as secure as randomly tossing in a digit.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2005-10-22 05:41 pm (UTC)However, I believe that the intent of my comment still stands:
1) If they're having security issues then adding a single number to every password does substantially hinder the efforts of people trying to harvest accounts for malicious purposes.
2) The security of a 4 number key code in a two part verification system is actually pretty secure.
3) I don't get nagged at all, if it nags you at every post is it because you log in each time? I think that most people only log in once in a blue moon.
In other words, while it's irritating, there may be good technical reasons for each of the points in your rant. Maybe not, but maybe. Either way it does not effect its being annoying, which I believe was your point.
no subject
Date: 2005-10-23 04:08 pm (UTC)My new password is no more secure than my last one. They went to a great deal of effort (in effect sniffing my password enough to determine it had no digit, which is offensive on one level) without actually looking at the real security of it.
They didn't insist I have an eleven character password, and add a number. I would have been allowed to go down to a five character password, and add a digit, a net loss of security.
It's theater, and that bothers me, because the net effect of security theater is to decrease overall security.
Which was the more important point, after my being annoyed raised the first.
TK
no subject
Date: 2005-10-23 05:04 pm (UTC)In their defense: any moron who hears "Your password isn't secure enough, please add a number," and proceeds to change their password from "Kzyudkjad" (5.6 trillion permutations) to "Ndsz3" (62 million permutations), is beyond help.
However randomly *adding* a number increases the complexity by more than 2 orders of magnitude to 3.3 Quintillion permutations. Naturally, it's not that complex for dictionary words.
So, yes, some users are technically allowed to use a less secure password (and some users with less secure passwords are not being bothered). However I expect the majority of people to maintain or increase their password length, so the net security gain is significant.
If LiveJournal needs to increase their overall security, I think that a very simple set of rules is better than more complex requirements. If they want force everyone to use a secure password... that's another situation entirely.
no subject
Date: 2005-10-23 04:09 pm (UTC)TK
no subject
Date: 2005-10-23 04:22 pm (UTC)