Comments | ozy: Password Security

ozy

Password Security

Apr 11, 2009 21:24

I have decided that a high level of password complexity, as a means for secure login authentication, is mostly useless. Password complexity is where sites or systems require a minimum length and at least one capital letter, number or symbol in a password to add complexity and decrease the chance that a hacker will figure out your password ( Read more... )

Comments 7

dj_diosa April 12 2009, 17:02:20 UTC

Someone got into my DJ business email that I've had for like 6 years and changed the password. I have no idea how that could have happened. Hotmail has yet to get back to my emails about it.

I never gaave anyone the password and never logged in on a comp someone else used.

I have NO idea how it could have happened and will possibl lose some business and contact with more than a few people cause of it.

ozy April 17 2009, 08:44:02 UTC

I've heard of that happening too. That stuff puzzles me, because typically you can't just use brute force and find a password through trial and error on most email logins. They generally block you after several failed attemmpts but I guess there are some that will allow unlimited incorrect password attempts. That method is so time consuming even with a computer trying different password variations that it doesn't seem realistic.

It surprises me when an account is hacked for a person who is careful about their password. I wish I knew how that happens, but generally speaking the easiest way to get access is to get the actual password through some method.

(The comment has been removed)

ozy April 17 2009, 08:50:18 UTC

I think password complexity, and systems requiring users to change their password periodically may even cause more problems. Users trying to remember their new password, or a password unique to that system might be more likely to write it down or keep it where it can be found by others. I think many people use the same or similar passwords for all their logins. I know that isn't a secure method for passwords, but making passwords more difficult to remember can cause problems too.

peenksaturn77 April 13 2009, 03:58:48 UTC

Not a fan of it. I second what Mikey said.

ozy April 17 2009, 08:53:49 UTC

I hax0red yuo. n00b.

curiositykillz April 13 2009, 21:19:53 UTC

I just change my password every few months.

ozy April 17 2009, 08:52:45 UTC

That's a good idea if you can manage it. Typically if someone hacks an accunt, they will change the password right away to lock you out and use it for their purposes. However, if they have gained access and wish to monitor your actions or do other things you wouldn't normally notice, changing your password can put an end to that.