Nuisance

Oct. 21st, 2005 08:01 am
[personal profile] pecunium
Is anyone else having the LJ server warn them that their password is too easy to guess?

It isn't as if I've used a dictionary word, or my birthday, or even a short word (and after this I'm going to change it).

No, I have a compound set of words, totalling nine characters. My damned bank yells at me because I have a password for my PIN which is too long (and may be why I had trouble getting money in Ukraine, come to think of it. They said something about overseas machines not liking PINs longer than four digits. I can live with that), it isn't as if I am completely clueless about the issue.

I didn't mind them telling me about it yesterday, but Christ on a Crutch, telling me about it every time I post an entry is damned annoying. I saw it the first time. I'm an adult. I think I can be allowed to make up my mind about something like this, without having to put up with being nagged like a toddler to pick up his toys.

(edit)

It seems they now insist on the inclusion of a number. My use of a space, I guess, isn't as secure as randomly tossing in a digit.




Date: 2005-10-21 03:09 pm (UTC)
From: [identity profile] cmpriest.livejournal.com
Yup. Me too.
Getting tired of it.

Date: 2005-10-21 03:14 pm (UTC)
From: [personal profile] geekchick
My LJ client (Deepest Sender) warned me once, I ignored it, and haven't seen the message since.

Date: 2005-10-21 03:21 pm (UTC)
From: [identity profile] pecunium.livejournal.com
Now that I know the cause... I'm really irked. My password was secure, at least as secure as the new one. Stupid rote ideas.

TK

Date: 2005-10-21 03:30 pm (UTC)
From: [identity profile] crisavec.livejournal.com
I haven't seen it yet, but a friend saw it and asked me about it last night.

Date: 2005-10-21 03:51 pm (UTC)
From: [identity profile] lawgeekgurl.livejournal.com
ditto.

I actually started to think it was a trojan or some kind of phishing thing, it happened so often.

Date: 2005-10-21 03:54 pm (UTC)
From: [identity profile] pecunium.livejournal.com
Hadn't thought about that.

Because of how it cropped up I was the victim of presuming it was legit. Interesting.

Had it not been something which came up when I posted, or had come up when I logged in (though as I use the secure server to log in, that's less likely to trip alarms too. I'll have to get a tad more suspicious). I'd have used the usual link to go and change my password.

TK

Date: 2005-10-21 03:55 pm (UTC)
From: [identity profile] kibbles.livejournal.com
So annoying, I had changed it because I couldn't be bothered, adding numbers to my nonsense phrase worked.

Date: 2005-10-21 04:02 pm (UTC)
From: [identity profile] soldiergrrrl.livejournal.com
Yes. I got annoyed with it and finally changed the stupid thing.

:-P

BTW, did you get the pictures I sent? I'm just being anxious.

Date: 2005-10-21 04:08 pm (UTC)
From: [identity profile] pecunium.livejournal.com
Yes I did.

The guy humping it in front of the chopper is well composed, but either the focus was off, or the shutter was slow.

Dog tags was great.

TK

Date: 2005-10-21 04:15 pm (UTC)
From: [identity profile] soldiergrrrl.livejournal.com
Yeah, I'm not sure what happened with that one, unless it was the fact that I was shooting through enough dust to literally choke me. Six birds landing on the pad at Falcon was unreal. I've now got a good idea how brownouts happen.

I've got some shots where all you can see is the shit hitting my lens/filter.

The B&W are just things I was playing with.

I'm glad you like the dogtags shot. That was one of the really lucky shots that I just happened to get. He was standing in a little tiny patch of gold light. I was pretty happy with it.

I'm actually waiting for some of the shots I took outside in the city to get back to me. I burned them on CD and took them home, and didn't bring them back. :-(

So, my mom sent them out a few days ago.

Date: 2005-10-21 04:17 pm (UTC)
From: [identity profile] soldiergrrrl.livejournal.com
Like I said, I don't mean to pester, but I'm really, really anxious about applying to the school.

I have so much to learn that it's scary, but...and please tell me honestly, do you think I could develop the "eye" for it?

Anyway, don't mean to abuse your LJ or your friendship, you're just one of the few photogs I know who's not in my unit and knows me a little bit better than the average bear, and might be able to help me pick out stuff that shows "me" to the school.

Make sense?

Date: 2005-10-21 04:25 pm (UTC)
From: [identity profile] lietya.livejournal.com
I know another couple of people who are getting these warnings. I'm not sure what brought it on.... guess LJ might be having hacking problems, or something.

Date: 2005-10-21 04:36 pm (UTC)
From: [identity profile] pecunium.livejournal.com
If this be the music of abuse, play on.

Dearheart, given the vagaries of what we have for comms, feel free to post anything you want to ask me here. If you worry about someone seeing it, delete it, "immedjiatly". I'll still get it, and I can send it back to you, via other channels.

Asking me questions about things I know isn't abusing friendship, it's part and parcel.

Yes, you can develop an eye. It isn't just that anyone can (because anyone can) but you are playing with things that imply you have something of an eye. Isolation, repetition, pattern, comparison. Those are the tools of the trade, just as much as knowing where to put the machine guns for a base of fire are to the infantry.

You have some talent. I don't know how much, because I can't see all you are doing with it, nor yet what you want to do with it (if you want to shoot fashion, that's a whole 'nother world). But I've not seen anything which makes me think you can't do it.

TK

Date: 2005-10-21 05:00 pm (UTC)
From: [identity profile] hammercock.livejournal.com
I got that warning for the first time last night, but I didn't get it today. Weird.

Date: 2005-10-21 06:05 pm (UTC)
From: [identity profile] insomnia.livejournal.com
Yes, but I ignore it, as I also have a quite secure password.

Date: 2005-10-21 06:46 pm (UTC)
From: [identity profile] theodora.livejournal.com
I was immediately worried about phishing, but the way it came up it seemed legit.

Date: 2005-10-21 11:14 pm (UTC)
From: [identity profile] mountain-spirit.livejournal.com
totally. i have the same complaints - see my next to most recent post

Date: 2005-10-21 11:18 pm (UTC)
From: [identity profile] ardemus.livejournal.com
This is one of the sites that I'm not too worried about. My password is not secure, but I haven't gotten a warning. I imagine that it would nag me if I logged in, but I only do that when I use another PC (which I expect is the case for most people).

On the other hand, a compound set of (even obscure multilingual) dictionary words is not very secure. Adding a single random number (at a non word boundary) makes an alpha only password orders of magnitude harder to crack.

These get progressively harder to crack:
BlueGonzo
Blu3Gonzo
BlueGonzo3
Blue3Gonzo
BlueG3onzo is *much* harder to crack (mainly because the location of the number is uncommon and unpredictable).

Also, a 2 part verification system (pass code and Thumbprint, ID Card, etc.) is much more secure than a public username and a simple password.

I'm no expert, but that's my understanding.

Date: 2005-10-22 01:07 am (UTC)
From: [identity profile] pecunium.livejournal.com
I understand the intricacies of passwords. Given a string of eleven letters, and the function of the maths to find them, it's pretty secure. Yes, it can be cracked, but (since all security is a trade-off) the value of what I am protecting here is small (save someone going in and stealing the .jpgs I have posted there isn't anything here which is going to cost me money), mostly the prevention of short-term embarrassment.

So telling me my password is insecure, merely for the lack of a number borders on the inane, since it was in need of a fair bit of hacking, some social engineering to get me to give it up, or unbelievable insight into my mind's inner workings.

The middle can be done, or not, regardless of how secure the protocol is, the latter might be doable regardless as well.

It's form over function.

TK

Date: 2005-10-22 05:41 pm (UTC)
From: [identity profile] ardemus.livejournal.com
Agreed, it's a nuisance to be forced to secure something that you're not concerned about. Like the millions of hours wasted at an airport because of one terrorist attack; an attack that took less lives than the annual death toll of the flu.

However, I believe that the intent of my comment still stands:

1) If they're having security issues then adding a single number to every password does substantially hinder the efforts of people trying to harvest accounts for malicious purposes.

2) The security of a 4 number key code in a two part verification system is actually pretty secure.

3) I don't get nagged at all, if it nags you at every post is it because you log in each time? I think that most people only log in once in a blue moon.

In other words, while it's irritating, there may be good technical reasons for each of the points in your rant. Maybe not, but maybe. Either way it does not affect its being annoying, which I believe was your point.

Date: 2005-10-22 08:11 pm (UTC)
From: [identity profile] ladymeow.livejournal.com
Yep. It's annoying.

Date: 2005-10-23 04:08 pm (UTC)
From: [identity profile] pecunium.livejournal.com
My complaint isn't that they are patching holes, but that they are applying rote formula.

My new password is no more secure than my last one. They went to a great deal of effort (in effect sniffing my password enough to determine it had no digit, which is offensive on one level) without actually looking at the real security of it.


They didn't insist I have an eleven character password, and add a number. I would have been allowed to go down to a five character password, and add a digit, a net loss of security.

It's theater, and that bothers me, because the net effect of security theater is to decrease overall security.

Which was the more important point, after my being annoyed raised the first.

TK

Date: 2005-10-23 04:09 pm (UTC)
From: [identity profile] pecunium.livejournal.com
It nagged me every time I posted. Not at log in, but at posting.

TK

Date: 2005-10-23 04:22 pm (UTC)
From: [identity profile] ardemus.livejournal.com
Really? At that point it depends on what they're doing. I wouldn't mind a red line at the top of the submission confirmation page. However, if it throws a pop-up (or it requires an extra click in some other way), then it's absolutely absurd.

Date: 2005-10-23 05:04 pm (UTC)
From: [identity profile] ardemus.livejournal.com
I do see your point.

In their defense: any moron who hears "Your password isn't secure enough, please add a number," and proceeds to change their password from "Kzyudkjad" (5.6 trillion permutations) to "Ndsz3" (62 million permutations), is beyond help.

However randomly *adding* a number increases the complexity by more than 2 orders of magnitude to 3.3 Quintillion permutations. Naturally, it's not that complex for dictionary words.

So, yes, some users are technically allowed to use a less secure password (and some users with less secure passwords are not being bothered). However I expect the majority of people to maintain or increase their password length, so the net security gain is significant.

If LiveJournal needs to increase their overall security, I think that a very simple set of rules is better than more complex requirements. If they want to force everyone to use a secure password... that's another situation entirely.

Date: 2005-10-24 04:54 am (UTC)
From: [identity profile] soldiergrrrl.livejournal.com
If this be the music of abuse, play on.

Dearheart, given the vagaries of what we have for comms, feel free to post anything you want to ask me here. If you worry about someone seeing it, delete it, "immedjiatly". I'll still get it, and I can send it back to you, via other channels.

Asking me questions about things I know isn't abusing friendship, it's part and parcel.


Thank you. :-)

Yes, you can develop an eye. It isn't just that anyone can (because anyone can) but you are playing with things that imply you have something of an eye. Isolation, repetition, pattern, comparison. Those are the tools of the trade, just as much as knowing where to put the machine guns for a base of fire are to the infantry.

Cool! I'll have to send you some of the stuff I shot out in the city when I get it. There are some shots there that I think are actually good. (For me, that's saying a lot.)

I've found that when I can actually settle down and shoot, instead of panicking about what I don't know (which sounds funny but it's true) I have a good time.

You have some talent. I don't know how much, because I can't see all you are doing with it, nor yet what you want to do with it (if you want to shoot fashion, that's a whole 'nother world). But I've not seen anything which makes me think you can't do it.

Fashion? Ick. Nope, I just want to capture what I see. :-)

Date: 2005-10-24 12:35 pm (UTC)
From: [personal profile] geekchick
Never mind, I'm back to seeing it again.
