He's Fallen In The Water
Oct. 20th, 2005 10:13 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
alfvaenI was going to write about something else, but opening my LJ client, it came up with a box telling me that my password is too easy to guess. This happened on Neopets a few weeks ago, and it forced me to change it to something that had numbers and/or symbols in it. I admit that when I first started on Neopets, I used one of my easier-to-guess passwords(it would've turned up in a Spanish dictionary, for one thing), because I didn't know how interested I would get in the site.
I admit that most of my passwords are monocase, all letters. I like to be able to type them quickly, and if I have one capitalized letter, then I will have to type it slowly or make mistakes--I have a heavy finger on the shift key and often capitalize two letters by mistake. However, these passwords are mostly ten letters or longer, and tend to be both easy for me to reconstruct and yet hard to guess by manipulating word lists. I admit that I do sometimes reuse passwords on the Net, because there's only so many I can remember at a time--I've got eight Nationstates nations, each with their own passwords, Neopets, LJ, Wikipedia, Concord, Amazon, NaNoWriMo, and others I'm not remembering or deliberately omitting.
I used to run "crack", back when I was sysadmin at an ISP and was trying to guard against weak passwords. I used a Perl script for password checking that wouldn't allow people to change their password to something weak. And all my passwords would have passed that one.
Has Moore's Law brought the available processing power up to the point where 26^15 possible letter combinations is something worth trying? That's still 1.6e21 combinations, and that doesn't count all the shorter words, either. Or are people just panicking because of people who are picking crappy passwords, and think a simple heuristic involving "no all-lowercase passwords" will force people to pick something better?
I may change mine, or I may not. It's none of your business.
I admit that most of my passwords are monocase, all letters. I like to be able to type them quickly, and if I have one capitalized letter, then I will have to type it slowly or make mistakes--I have a heavy finger on the shift key and often capitalize two letters by mistake. However, these passwords are mostly ten letters or longer, and tend to be both easy for me to reconstruct and yet hard to guess by manipulating word lists. I admit that I do sometimes reuse passwords on the Net, because there's only so many I can remember at a time--I've got eight Nationstates nations, each with their own passwords, Neopets, LJ, Wikipedia, Concord, Amazon, NaNoWriMo, and others I'm not remembering or deliberately omitting.
I used to run "crack", back when I was sysadmin at an ISP and was trying to guard against weak passwords. I used a Perl script for password checking that wouldn't allow people to change their password to something weak. And all my passwords would have passed that one.
Has Moore's Law brought the available processing power up to the point where 26^15 possible letter combinations is something worth trying? That's still 1.6e21 combinations, and that doesn't count all the shorter words, either. Or are people just panicking because of people who are picking crappy passwords, and think a simple heuristic involving "no all-lowercase passwords" will force people to pick something better?
I may change mine, or I may not. It's none of your business.
