Password Security Not Easy
mekkab writes "The Wall Street Journal reports (yet again) that despite knowing better, users do dumb things to compromise security. Are seven different 8-character passwords (with numbers and mixed cases) really too much to ask? Do people need training on how to make a well-known phrase (to them) into a perfect password acronym, or other memory-boosting techniques? Or is it that the entire business culture needs to change from within to take digital security seriously?" If you require unmemorizable passwords, you've effectively changed the security requirement from "something you know" to "something you have", and if the required dongle is a note under your keyboard...
I hate people that put their password under their keyboard. Like damn, people, on the underside of the desk, is that so much to ask?
"I use a Mac because I'm just better than you are."
My password is weu@$9JKcpw34.
No one has ever guessed it.
Best password/pin ever:
[King Roland has given in to Dark Helmet's threats, and is telling him the combination to the "air shield"]
King Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
King Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
King Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
King Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
King Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard! That's the kind of combination an idiot would put on his luggage!
Vivin Suresh Paliath
http://vivin.net
I like
(Disclaimer: Please don't play this game!)
1) Take the following five passwords:
- password
- slashdot
- 123456
- password123
- [Username]
2) Attempt to login to as many slashdotters accounts as possible.
3) Post incriminating/stupid/slanderous/troll comments on behalf of users you now 0wn.
4) While the FBI are busy smashing down your door: Take a hammer to your hard-drive's platters, and run like a screaming idiot while you think about how stupid you were to follow my instructions.
(Disclaimer: Please don't play this game!)
P.S. If your password was listed above: Change it!
Incredible, some Slashdot users don't even use a password.
See this Anonymous Coward, shame on him.
I use aaaaaaaa and goatse911 for everything. Haven't been rooted yet...
...just put them all in an Excel spreadsheet, keep a copy printed out and stored in your filing cabinet under a folder labeled "Passwords" and don't lock the cabinet.
I gave my two weeks' notice and this was the first thing my bosses wanted me to do: write down all the passwords for them so they could keep everything on file.
Fantastic.
There will always be that one person who will use their first name and last initial
Yeah. Bunch of idiots. That's why I drop the last initial.
You'll be surprised by how dramatically your capacity to remember passwords will improve once this becomes a regular feature of your workday.
For added effect, construct horribly complex and impossible to remember passwords a few times every day. Over time, basic survival instincts and the urge to avoid the inevitable kick in the balls will overcome the limitations posed by your poor memory.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
My luggage is 1, 2, 3, 4, 5. Probably your luggage too.
Actually, I have my luggage combination written in Sharpie on the outside, right next to the lock. It's 0-0-0-0. That's so the TSA can open it up if the numbers happen to get bumped away from 0-0-0-0.
Online I have an easy password, which is used everywhere unimportant; a medium password, which is used on sites that I would not want to lose the account for; a hard password used on sites with sensitive and personal information; and a secure password which is used on sites with direct access into my bank account, such as bill pay sites.
At work they require us to have those unmemorizable passwords, so I just tattooed it on my cock where it's always 'handy'. Had a bit of trouble when they increased the length from 6 to 8 letters. Those last two letters hurt quite a lot.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Tell me about it, just the other day I rooted some guy who used aaaaaaaa and goatse911 for everything. Poor sucker probably doesn't even realize he's been rooted yet.
Admit it, you "forget" your password on purpose sometimes, don't you.
You sick bastard.
It would be interesting to mix passwords and biometrics. In medium security settings, you could simply provide the requested information directly using the keyboard.
Linux 2.2 (pts/1)
username: cmdrtaco
cock size: 2inches
Welcome to The Lunix
>
Is that you?
We have very tight security. Every time I change my password, someone in the IT department calls me up and asks what I changed it to so they can verify that the new password is really secure.
I like the sites that ask you to provide a challenge question that they will ask if you forget your password. My question is always "Go fuck yourself" and the response is whatever happens when I smack my palm on the keyboard repeatedly until the character limit is reached. I don't forget my passwords. :)
Of course, then you call up your bank and all they want is your SSN and mailing address... Sheesh.
The enemies of Democracy are
I thought our help-desk guy might have been the original BOFH, but I was wrong. Even he wouldn't have thought of that. Man, you are harsh.
[Suddenly the phone rings, disturbing the BOFH's game of Half-Life]
[random_user] Hello Help Desk? I forgot my password. I have to print a powerpoint document for a briefing I am giving in 5 minutes so I need my password reset right now!
[BOFH] Oh....let me check...we can only reset passwords once a day between 6AM & 7AM because it affects the user settings and we can do that after the server's been initialized. Otherwise the server might malfunction and several random files could be deleted from your home directory. Are you sure you can't wait until later?
[random_user] [pauses] yes, I need it NOW. I'm briefing our department VP in 5 minutes.
[BOFH] ok... you're the boss...I'm resetting it to "12345678"...try logging on in a few minutes [while typing "del /users/random_user/*.ppt"]
Yeah, no kidding. A junior manager in a company I worked as IT manager for got all pissed off because I required minimum 8-char passwords, so he set it to FFFFFFFF.
Imagine his surprise when he found himself locked out of the system the next morning. Seems he didn't know I ran a password cracker against the password database every morning. 'course, he also didn't know I had caller-id. It took him until mid-afternoon to finally get hold of me, and only then because he got off his fat butt to physically track me down.
He tried to threaten me by saying he'd report me to the company owner. Seems he also didn't know that the company web proxy kept logs of all activity.
:) Funny part was, he also didn't know that the company owner had a much better catalog of porn links than he did...
I kinda miss that job.
I once worked for a company where the insane CEO (dotcom era) decided to get serious about security by requiring daily password changes.
The cool thing was that they never implemented any restriction on what the passwords could be.
I think the most common passwords that resulted were Monday, Tuesday, Wednesday etc.
Sometimes my arms bend back.
>a E9 b ?p c &m
;-)
>d 6K e aY f eP
>g !S h gn i D=
>j Hd k vw l Cb
>m W5 n 4$ o R3
>p x% q 7M r NF
>s +2 t s* u Ay
>v fL w zG x Zu
>y cX z Qr
So what does the output of that Perl script look like?
-- TheMadRedHatter
while(1)
{
}
Ah, the story of life.
... and the next day he woke up in a bathtub full of ice and his kidney was gone.
Just stay away from Dvorak keyboards!
CEE5210S The signal SIGHUP was received.
Tolken-based authentication?
Is that where your smart-card device is a ring of power? Or where a hobbit is required to gain access?