Slashdot Mirror


Slashdot Asks: Are Password Rules Bullshit? (codinghorror.com)

Here's what Jeff Atwood, a founder of Stack Overflow, thinks: Password rules are bullshit.
They don't work.
They heavily penalize your ideal audience, people that use real random password generators. Hey, guess what, that password randomly didn't have a number or symbol in it. I just double checked my math textbook, and yep, it's possible. I'm pretty sure.
They frustrate average users, who then become uncooperative and use "creative" workarounds that make their passwords less secure.
Are often wrong, in the sense that they are grossly incomplete and/or insane.
Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won't take my word for it, read this 2016 NIST password rules recommendation. It's right there, "no composition rules". However, I do see one error, it should have said "no bullshit composition rules".
What do you think?
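
Atwood's point that a genuinely random password can lack a number or symbol, worked through as an added example (not code from the linked post or from Slashdot): it computes the exact share of uniformly random passwords that a composition rule rejects, by inclusion-exclusion, and checks the figure by simulation. The "one character from each of four classes" rule and the 94-character printable-ASCII alphabet are assumptions made for the example.

```python
import math
import secrets
import string

# Character classes a typical composition rule demands (assumed, not from the page).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII characters
REQUIRED = tuple(CLASSES)


def composition_ok(password, required=REQUIRED):
    """Composition rule: at least one character from every required class."""
    return all(any(c in CLASSES[name] for c in password) for name in required)


def rejection_probability(length, required=REQUIRED):
    """Exact chance that a uniformly random password of this length fails the rule."""
    n = len(ALPHABET)
    sizes = [len(CLASSES[name]) for name in required]
    p_ok = 0.0
    # Inclusion-exclusion over every subset of classes that could be missing.
    for mask in range(1 << len(sizes)):
        excluded = sum(s for i, s in enumerate(sizes) if mask >> i & 1)
        sign = -1 if bin(mask).count("1") % 2 else 1
        p_ok += sign * ((n - excluded) / n) ** length
    return 1.0 - p_ok


def simulate(length, trials=20000, required=REQUIRED):
    """Empirical rejection rate over passwords drawn from a CSPRNG."""
    rejected = 0
    for _ in range(trials):
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        rejected += not composition_ok(pw, required)
    return rejected / trials


if __name__ == "__main__":
    for length in (8, 12, 16, 20):
        bits = length * math.log2(len(ALPHABET))
        print(f"{length:2d} chars {bits:6.1f} bits  "
              f"exact reject {rejection_probability(length):.3f}  "
              f"simulated {simulate(length):.3f}")
```

Under these assumptions, more than half of random 8-character passwords fail the four-class rule, even though each carries about 52 bits of entropy.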

5 of 498 comments

  1. Re:Customer Psychology by Ryanrule · · Score: 5, Funny

    Just use one of those weak/medium/strong meters. Pick a strength at random.

  2. Re:In your face Betteridge! by Hognoxious · · Score: 4, Funny

    Why couldn't they hash & store each character separately - so it's effectively multiple short passwords?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  3. Re:Of course you are right - but how to make it st by MightyYar · · Score: 4, Funny

    Make sure the creases in your aluminum hat are sharp and at a 60 degree angle.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  4. Re:In your face Betteridge! by Oswald McWeany · · Score: 5, Funny

    Things you should never use as a password:

    1) Your first pet's name
    2) The street you grew up on
    3) The model of your first car

    Things banks use for "security questions":

    see above.

    That's why I always use Password123

    --
    "That's the way to do it" - Punch
  5. Re:Let me see what I type by freeze128 · · Score: 4, Funny

    Yes! I agree. Let him see his password as he types it. I'm standing over his shoulder....