Slashdot Mirror

← Back to Stories (view on slashdot.org)

Passwords - 64 Characters, Changed Daily?

Posted by timothy on from the too-much-overkill-is-never-enough dept.

isepic writes "It seems over the past few years that the password requirements have changed - each time making it even more difficult to crack. My company just changed its password requirements from 180 days down to 90 for most servers and from a minimum of six characters up to eight. So, as parallel processing computer clusters gain in power according to Moore's law, how are we expected to change them in the next 2-10 years --- and how often?"

"Hopefully by then, there will be a better way, but I really don't want to have to change my password every 8 hours, and not be able to use the last 5 I've used, AND have them each be some awfully long and complex string of hard-to-remember ASCII codes just because a computer can crack a 32 char password in 10 seconds.

What are your thoughts? Do you think one day we'll be SOL, or do you think something 'better' may come (e.g. biometric scanners on every keyboard and or mouse and or monitor - etc.)"

19 of 645 comments (clear)

  1. Just do what I do by thammoud · · Score: 5, Funny

    password1 password2 password3 password4 based on the month that you are in.

    1. Re:Just do what I do by Anonymous Coward · · Score: 5, Funny

      just checked, you don't do that.

    2. Re:Just do what I do by kv9 · · Score: 3, Funny

      in soviet russia passwords change *you*.

      --
      Stop Computers/Cars Analogies on S
    3. Re:Just do what I do by geekoid · · Score: 2, Funny

      IN comedy, it is well know that something can become funny again.

      BTW, not everyone shares YOUR sense of humor.

      In Soviet Russia, nostalgia jokes you.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Just do what I do by gotacap · · Score: 4, Funny

      You know, I had a strong password generator on my website for a while, but then I realized that most people paranoid enough to use a generator would be paranoid that I would be logging all strong password requests and then trying the results to get into the machines I found in my server logs... It's still there, I use it myself, but I don't tell my users where it is anymore.

    5. Re:Just do what I do by Anonymous Coward · · Score: 1, Funny

      ObSpaceballs:

      Dark Helmet: "1 - 2 - 3 - 4 - 5? That's the kind of combination an idiot would have on his luggage!"

      President Scroob: "1 - 2 - 3 - 4 - 5? That's the same combination I have on my luggage!"

    6. Re:Just do what I do by Drachemorder · · Score: 4, Funny
      "On one occasion I chose 123456"

      That's amazing! I have the same combination on my luggage!

    7. Re:Just do what I do by nanojath · · Score: 2, Funny

      Even worse, it encourages people to write their passwords down and store them in what is probably a very insecure location!

      Hold on, are you saying that the post-it note labled "network password" on my cubicle wall is insecure?

      --

      It Is the Nature of Information to Transgress Artificial Boundaries

    8. Re:Just do what I do by OptimizedPrime · · Score: 2, Funny

      If you want to use a sticky note, contaminate it with lsd and put the password behind it, covered by the note. Net admins can be told to wear gloves...

  2. Good news for hacker by usefool · · Score: 5, Funny

    Wasn't there a joke that if users are required to change password every second, hackers just need to keep on trying the same password until users themselves changed to match the hacker's password?

    --
    Uselessful technology (Air-Charged
    1. Re:Good news for hacker by Anonymous Coward · · Score: 2, Funny

      I think you got it wrong. Doesn't this joke involve monkeys and Shakespear...

    2. Re:Good news for hacker by ryanvm · · Score: 4, Funny

      Wasn't there a joke that if users are required to change password every second, hackers just need to keep on trying the same password until users themselves changed to match the hacker's password?

      I doubt it - jokes are supposed to be funny.

  3. Length & Considerations by Oculus+Habent · · Score: 5, Funny

    I could see a password of substantial length made of a phrase. Say, 64+ characters, changed every two weeks might be fine. Especially if you have a well-read workforce, which might enjoy making note of significant passages.

    You might want to [optionally] be able to use the first letter of each word as a "shorthand" password for re-verification moments, because typing in a 64+ character phrase everytime you lock your station could become tedious if you are away from your desk often.

    Alternately, if you have a number of services at work that should have different password, some sort of secure password comparison tool could be employed to at least ensure that employees aren't using the same password for everything. Not sure about an architecture for that, though.

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit
  4. Re:Biometrics by wkitchen · · Score: 4, Funny

    Oh, that'll be just great. Chopping off fingers and plucking out eyeballs will be the new definition of "social engineering".

  5. The problem is the input device, not pass length by GuyFawkes · · Score: 1, Funny


    typing
    kGNisksUI725K-{P#~iuiILl896&Tui@'p;p'HHP O~9yu* *(

    is going to be a pain in the ass for anyone if the input method is always going to be a qwerty keyboard...

    on the other hand a 20 dollar mongrel dog that I feed every day will never mistake me for anyone else...

    _electronic_ based biometrics however will completely suck

    --
    http://slashdot.org/~GuyFawkes/journal
  6. Perhaps make it more user friendly.. by t_allardyce · · Score: 5, Funny

    Windows XPs new password policy manager: "Im sorry, that password has already been taken by user john, please choose another"

    --
    This comment does not represent the views or opinions of the user.
  7. I don't see the problem at all! by termos · · Score: 5, Funny

    Luckily I have Gator for remembering all my passwords!

    --
    Note to self: get smarter troll to guard door.
  8. Re:Biometrics by Roofus · · Score: 2, Funny

    Chopping off fingers and plucking out eyeballs will be the new definition of "social engineering".

    Holy great hell, I'd love to see the social engineer that can convince somebody to chop off a finger voluntarily. They would put Mitnick to shame!

  9. Here goes my Karma.... by lewko · · Score: 3, Funny

    Note to mods...these 'In Soviet Russia' remarks are never, ever funny. Even if you remember a time

    In Soviet Russia, time remembers you!

    --
    Do you or your partner snore? - Visit www.snoring.com.au