SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here is the password policy at my school system.
    Code:
      Password policy as follows:
      MAXLENgth      8  Maximum significant number of characters
      MINLENgth      7  Minimum number of characters
      MINUNIQue      5  Minimum number of different characters
      MINTYPes       3  Minimum number of character types
      MAXDigitRun    2  Maximum number of consecutive digits
      MAXAlphaRun    3  Maximum number of consecutive letters
      MINDIFf        2  Minimum distance from dictionary word
      DICTionary   "/usr/dict/words"
      REJect:
       [#@]                                             illegal characters (# or @)
       [a-zA-Z][0-9][a-zA-Z].*[0-9][a-zA-Z][0-9]             similar to postal code
    Character "types" are upper-case, lower-case, digits, punctuation, and other.
    When I first got my password, I intended to change it, however, after a while, couldn't think of one that is feasible, I memorize the default one, and still now
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  2. #2
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So your password has to be 7-8 letters long?

    Bit limiting...

  3. #3
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    True, I didn't realize it eh
    If use brutal-force attack, it would be quite fast (if the password is stored locally)
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  4. #4
    SitePoint Wizard westmich's Avatar
    Join Date
    Mar 2000
    Location
    Muskegon, MI
    Posts
    2,328
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It looks like it also needs to have at least five different characters. It seems that users would end-up creating random-like passwords.

    I've read some discussion on this before, 'Is it better to have random passwords or user-defined passwords'. Many think that it is better to have user-defined passwords with a decent amount of charachters, like 16+ characters.
    • Users tend to write down random passwords and leave it near thier desk
    • longer, user-defined passwords can be made up of a combination of words that isn't easy to crack
    • more convienent
    Westmich
    Smart Web Solutions for Smart Clients
    http://www.mindscapecreative.com

  5. #5
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I agree with you Westmich.
    Since it's the policy, so I don't have any control over it

    However, if we use dictionary-attack, each word in the dictionary is considered a single character in brutal-force attack, which make the cracking process much faster. This, I think, is the major drawback of long user-defined password.
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  6. #6
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I once had to create a password that was at least 6 characters long, containing at least one uppercase letter, at least one lowercase, at least one digit, at least one non-alphanumeric character, and no dictionary words.

    It was tough to think of one, and to remember it!

    I ended up with Walp.1 - don't worry I don't use that password anymore.

    By the way, I must be a member of tens or hundreds of things, and I recycle the same passwords.

    Theoretically this is really bad, but I know a few different passwords off by heart, and I use different ones depending on how important it is.

    If it involves money or something I use a totally unique password though. For example on my hosting account I use a really long one with digits and everything.
    [mmj] My magic jigsaw
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    The Bit Depth BlogTwitterContact me
    Neon Javascript FrameworkJokesAndroid stuff

  7. #7
    SitePoint Enthusiast DCE's Avatar
    Join Date
    Feb 2001
    Location
    UK
    Posts
    39
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by mmj
    I once had to create a password that was at least 6 characters long, containing at least one uppercase letter, at least one lowercase, at least one digit, at least one non-alphanumeric character, and no dictionary words.
    That would have been some dictionary word if they had allowed them..... let me think..... Fk7] 6y no that didn't do it
    I think it would have to be a Welsh word but that would mean, you couldn't use any vowels
    DCE
    If everything seems to be going well, you have obviously overlooked
    something.

  8. #8
    Hi there! Owen's Avatar
    Join Date
    Jan 2000
    Location
    CA
    Posts
    1,165
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There's no reason for such security at a school. I bet a very large percentage of students forget it and a even larger percentage write it down. I certainly would have to if I had one that I can't remember. I wouldn't even doubt that a lot of students know someone else's password.

    Owen

  9. #9
    ********* Addict
    Join Date
    Apr 2000
    Location
    Posts
    272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I already got in trouble for finding out other people's passwords. I possessed 10 or something. Quite a lot, I know. Actually, nothing happened, but he said he would remove me from the system if I done it again. Not nice. I'm not going to do it again.

  10. #10
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Owen
    There's no reason for such security at a school. I bet a very large percentage of students forget it and a even larger percentage write it down. I certainly would have to if I had one that I can't remember. I wouldn't even doubt that a lot of students know someone else's password.

    Owen
    I'm not sure how they came up with this policy, but I don't see a lot of people have to look up the password when logging in.
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  11. #11
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    To make a secure password, hold down Alt and push four numbers on the NumPad, it'll make one of those funny looking chracters, and not many password crackers even bother including those eyes in the cracking.

    Something like this will be pretty hard to crack, but it's pretty short:

    [RÝbÝ]

    Basically just Alt plus any memoriable four digit number.

  12. #12
    SitePoint Wizard
    Join Date
    Apr 2000
    Posts
    1,483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I pride myself on my own password policy
    10-15 chars long, totally random sequence of letters and numbers generated by the computer. I have a few different passwords of a similar policy for various different things around the computer and the web.
    Every so often I regenerate them all, something I should really do more often.

    Sadly I don't even have the Number Pad on my keyboard - it is a laptop-type keyboard on a PC. So that last solution wouldn't really work for me

  13. #13
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    James, so you have really good memory (10-15 chars and change every so often)

    About the special chars, some system doesn't allow them. And most likely, not so many people try to use them in their password.
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  14. #14
    SitePoint Wizard
    Join Date
    Apr 2000
    Posts
    1,483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes it takes me 2-3 days to remember it but after that it is solid in my mind for ever I can still remember my passwords from years back

  15. #15
    SitePoint Enthusiast JohnM's Avatar
    Join Date
    Dec 2000
    Posts
    34
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    James: Start -> Run -> charmap
    - John M

  16. #16
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Son Nguyen
    And most likely, not so many people try to use them in their password.
    That's why it is a good way to set a password. Of course you won't make such password policy so everyone has to have those special chracters, but if you want to have a secure password to protect something, the special characters are really good. Crackers most likely don't bother trying them. Since not so many people try to use them in their password.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •