Author Topic: Password "Security"  (Read 2944 times)

...You Lost Me

  • Minion
  • **
  • Posts: 103
    • View Profile
    • Awards
Password "Security"
« on: April 01, 2012, 11:36:52 PM »
I have a complaint about password security. Just gonna put it out there that having an 8-character requirement is not enough of a defense barrier. I mean, I've experimented with making my password "YYYYYYYY", and it totally works... I think more needs to be done if security is serious, or less needs to be done so my password here will match up with those in my other accounts.

Yoder

  • Sage
  • Miniboss
  • *****
  • Posts: 814
  • Gender: Male
  • I exist.
  • Ballot Box Eye of Seeing Art Aficionado
    • View Profile
    • Awards
Re: Password "Security"
« Reply #1 on: April 01, 2012, 11:59:14 PM »
If you want more security, make your password more secure. This level of password requirement isn't so unnatural.
"Trifles go to make perfection, and perfection is no trifle."
~ Michelangelo

My Homebrew

My friend just shared this: "Remember that time Gandalf convinced the whole party to flee so that he could take out the Balrog and not have to share any of the XP? Shows up the next session with fancy new robes and everything. What a jerk."

afroakuma

  • Administrator
  • Elite
  • *****
  • Posts: 437
  • Gender: Male
  • Prayer Wing Scroll of Scribes Problem Solver RoC Staff Art Aficionado Eye of Seeing Aquarius Dev Team
    • View Profile
    • Awards
Re: Password "Security"
« Reply #2 on: April 02, 2012, 12:03:20 AM »
If I'm reading this correctly, the complaint is that this user normally employs a shorter password, and that the security restriction which is forcing a longer password on the user is near-meaningless without additional securitization.

Flickerdart

  • Bathtub Admiral
  • Administrator
  • Minion
  • *****
  • Posts: 91
  • Problem Solver RoC Staff
    • View Profile
    • Awards
Re: Password "Security"
« Reply #3 on: April 02, 2012, 12:09:37 AM »
8-character minimum is a pretty standard password minimum length. I don't think I've ever encountered a website that would allow a shorter password.

Isn't having the same password for everything you use more of a security risk?

afroakuma

  • Administrator
  • Elite
  • *****
  • Posts: 437
  • Gender: Male
  • Prayer Wing Scroll of Scribes Problem Solver RoC Staff Art Aficionado Eye of Seeing Aquarius Dev Team
    • View Profile
    • Awards
Re: Password "Security"
« Reply #4 on: April 02, 2012, 12:44:27 AM »
less needs to be done

I somehow don't think security is his chief concern.

DragoonWraith

  • Sage
  • Global Moderator
  • Elite
  • *****
  • Posts: 407
  • Gender: Male
  • Typo Hammer Ballot Box Eye of Seeing Dev Team Art Aficionado
    • View Profile
    • DragoonWraith.com
    • Awards
Re: Password "Security"
« Reply #5 on: April 02, 2012, 12:18:33 PM »
Relevant:
Spoiler
Legend contributions: As Above, So Below (rewrite); Reap the Whirlwind, A Personal Touch, Kept Secret, Kept Safe (Professional Soldier); Combat Alchemist (extra track)

...You Lost Me

  • Minion
  • **
  • Posts: 103
    • View Profile
    • Awards
Re: Password "Security"
« Reply #6 on: April 03, 2012, 02:32:21 AM »
You haven't seen less than 8 characters in a password on other sites? I recommend Giant in the Playground, The Gaming Den, and D&D Wiki, as those are all RPG sites. Honorable mention goes out to Facebook of all things.

My point is that the website is halfing it between convenience and security. If security is actually important, 8 characters isn't a good minimum at all (see: "Tr0ub4dor&3" at 3 days and "correct horse battery staple" at 550 years), and if it's not all that important then why is there an 8-character password minimum? I understand the desire to fight spam, but I've been on 6-digit password forums for a long time and I have yet to see an account hack.

gkathellar

  • Tactician
  • Global Moderator
  • Ace
  • *****
  • Posts: 610
  • Gender: Male
  • My right hand was thunder, and my left was stone
  • Scroll of Scribes RoC Staff Dungeon Delver Eye of Seeing Dev Team Art Aficionado Magic 8-Ball
    • View Profile
    • Awards
Re: Password "Security"
« Reply #7 on: April 03, 2012, 10:05:38 AM »
... You Lost Me, I'm not clear. Your complaint is that our passwords are too long for you to copy-paste the password you use on other accounts (which is, just so you know, really goddamn dangerous), something that is apparently dreadfully inconveniencing to you. You have decided to support this claim by suggesting that password security is all-or-nothing, and that since we don't require 25-character triple-encoded ciphers, we should obviously be content with allowing people to enter the letter A and be done with it.

Your "point is the the website is halfing it between convenience and security;" is that necessarily bad? We like security, but we also like convenience and understand that it may be worth some compromises, since we're not exactly hiding the launch codes on a secret subforum. If you were demanding that our passwords are too short, you might be taken a little more seriously, because crypto geeks can at least pull some evidence-based arguments. But as it is, your claim basically amounts to saying that our passwords aren't long enough, ergo they should be shorter, because you can't be bothered to remember an 8-digit password.
Seven is the Number of Legend.
This is my mod voice.

afroakuma

  • Administrator
  • Elite
  • *****
  • Posts: 437
  • Gender: Male
  • Prayer Wing Scroll of Scribes Problem Solver RoC Staff Art Aficionado Eye of Seeing Aquarius Dev Team
    • View Profile
    • Awards
Re: Password "Security"
« Reply #8 on: April 03, 2012, 12:18:21 PM »
This topic doesn't need any further public debate; I've seen all I need.

Password minimum remains eight characters.

Any further thoughts on the matter can be PM'd to me.


« Last Edit: April 03, 2012, 12:31:38 PM by afroakuma »