Slashdot Mirror


The Case For Lousy Passwords

itwbennett writes "Since the Gawker and McDonald's hack attacks, the web has been overrun with admonishments against using weak passwords. But weak passwords have their place too, says blogger Peter Smith. Like, for example, on Gawker, where he really doesn't care if it gets cracked. 'Life is too short to be worrying about 24 character passwords for trivial sites,' says Smith. And, to put things in perspective, your good passwords are pretty weak too. In a 2007 Coding Horror article, Jeff Atwood points out that the password "Fgpyyih804423" was cracked in 160 seconds by the Ophcrack cracker."


  1. 160 seconds? Windows? Bad example by fahlenkp · Score: 5, Interesting

    Why on earth are they mentioning how fast rainbow tables can break an old Windows hash? That has nothing to do with most pages running Apache on Linux. The example password would last for quite a while against a brute force attack. Anyone worth their salt wouldn't allow that many auth attempts from one IP. Get it, worth their salt? Lololol. Anyhow, why is the Windows example being used in this article at all?
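
The contrast the comment above draws between precomputed tables and salted hashes, as an added example that is not part of the original thread: a table built once resolves every account under a constant-salt scheme, but must be rebuilt per account once each account has its own random salt. Assumptions: a plain lookup table stands in for a rainbow table, PBKDF2 stands in for both hash schemes, and the accounts and candidate list are constructed sample data.

```python
import hashlib, os

ROUNDS = 50_000            # demo value; tune upward for production use
NO_SALT = bytes(16)        # constant salt: equivalent to an unsalted scheme

# Constructed sample data for this example.
CANDIDATES = ["12345", "password", "letmein", "Fgpyyih804423"]
ACCOUNTS = {"alice": "12345", "bob": "12345", "carol": "Fgpyyih804423"}

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def build_table(salt):
    # Precomputation: one pass over the candidates, valid only for this salt.
    return {hash_pw(c, salt): c for c in CANDIDATES}

def store(accounts, per_user_salt):
    db = {}
    for user, pw in accounts.items():
        salt = os.urandom(16) if per_user_salt else NO_SALT
        db[user] = (salt, hash_pw(pw, salt))
    return db

def lookup(db, table):
    # Users whose stored hash appears in an already-built table.
    return sorted(u for u, (_, h) in db.items() if h in table)

def per_account_work(db):
    # With unique salts the table must be rebuilt for every account.
    hashes_computed, recovered = 0, []
    for user, (salt, h) in db.items():
        table = build_table(salt)
        hashes_computed += len(table)
        if h in table:
            recovered.append(user)
    return hashes_computed, sorted(recovered)

def demo():
    table = build_table(NO_SALT)                 # built once, reused forever
    legacy, salted = store(ACCOUNTS, False), store(ACCOUNTS, True)
    return {
        "legacy_hits": lookup(legacy, table),
        "salted_hits": lookup(salted, table),
        "salted_rebuild": per_account_work(salted),
        "alice_bob_equal_legacy": legacy["alice"][1] == legacy["bob"][1],
        "alice_bob_equal_salted": salted["alice"][1] == salted["bob"][1],
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The salt removes the reuse of precomputed work, not the weakness of a guessable password: the per-account rebuild still recovers every password that is on the candidate list.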

  2. Passwords are stupid by betterunixthanunix · Score: 5, Insightful

    Passwords are a very poorly designed security mechanism, yet no matter how many times this is pointed out, people still seem to think that the solution is to educate users about password security. Human brains just do not generate or remember random strings very well, and it is ludicrous to expect users to do so. Of course, passwords will always be around because password-based systems are convenient.

    --
    Palm trees and 8
  3. Re:people write down hard passwords by hey! · Score: 5, Insightful

    Actually having a hard password and writing it down is not such a bad idea. It's leaving the password under the keyboard that's a bad idea.

    Look at it this way. That guy driving a Ferrari around town unlocks it with a key that *anyone* can use. It's reasonably safe, however, because he keeps the key in his pocket.

    Of course, wallets get stolen. So what you do is this: you generate a strong eight character password, print it on a laminated card and keep it in your pocket. You choose a memorable six character password and keep it in your head. Then concatenate the two to form your working password. That's poor man's two factor security.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  4. This is why... by RivenAleem · Score: 5, Funny

    12345 has always worked for me, on every site I've used. Some sites require a 6, and some even 7 and 8. I've never been hacked once!

    I'd also like to add that I'm a giant douche and a poopy-head!

  5. Re:Bad usernames too by Anonymous Coward · Score: 5, Funny

    Look it didn't even take me three minutes to crack his account.

  6. Lastpass by defaria · Score: 5, Informative

    In a word - Lastpass. 'Nuff said.

  7. Re:Bad usernames too by sideslash · Score: 5, Funny

    Yeah, bugmenot is cool. I use it for my online banking.