- Sep 18, 2015
So you mean I can't figure out your old school's name, pet name, etc. by calling your great aunty or something like that and giving her a bogus reason to give away the information?
Dude, get real. This is not secure; giving me your personal story won't change how insecure these ineffective and ubiquitous easy-to-hack security measures are.
I'm not attacking you personally. I'm happy for you if you make your passes a bit more secure - that still doesn't make the policy a good one. That's akin to saying that cars are perfectly safe because you've never died in one - not a good argument.
As to the passwords - the classic "add at least one number and one symbol like !" - well, first off, people will generally use the same symbols (! ? &) and capitalize only the first letter of their password, so it's not like it adds that much complexity to the password. You just set up your password breaking software to start with the most likely combination and it'd probably cut down the time needed by a factor of thousands whether you use special symbols and numbers or not.
Secondly, it's obvious the people who set it up are kind of low-level in terms of theory of mind / psychology. It's beyond obvious that you'll choose a shorter password if the site's asking you to set up a non-human-friendly password. Plus, you'll have to store it somewhere else than just in your brain, because who the hell can remember:
a1rRbo4t& as easily as peachfetchingpricemarket?
So these passwords are not only in practice less secure by huge factors (generally millions of times less secure) but they're not user-friendly in any way.
In short - these policies suck, and their wide adoption rate is just a testament to how short-sighted and frankly dull, when it comes to any other type of intelligence than mathematical, many developers are. Theories about what makes people and data safe are entirely irrelevant to what people actually do. Theory is always superseded by fact.
Any questions?
I honestly don't disagree. I highly doubt that people would have much luck mining enough info on me from my family and friends to reset my passwords. I am too paranoid/private for that.
But other than that, any real hacker could probably crack my passwords IF he/she really wanted with the right algorithm, random pulling or a keylogger but probably not from something overtly obvious such as knowing my hobbies and interests.
This thread makes me wanna update all my passwords though. Lol
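The comparison argued in the thread, worked through as an added example (not code from any poster): it checks which policy accepts each password and estimates the guess space an attacker faces once the habit is known. The word-list size, the symbol set, the sample password `Peaches1!` and all function names are assumptions made for this sketch.

```python
import math
import re

# Assumptions for this sketch (constructed, not measured data):
WORDLIST_SIZE = 7776        # dictionary size, Diceware-sized
COMMON_SYMBOLS = "!?&"      # the symbols the post says people usually pick
PATTERN = re.compile(r"^[A-Z][a-z]+(\d+)[" + re.escape(COMMON_SYMBOLS) + r"]$")

def meets_composition_policy(pw, min_len=8):
    """Classic rule: minimum length, at least one digit and one symbol."""
    return (len(pw) >= min_len
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def meets_length_policy(pw, min_len=20):
    """Alternative rule: length only, no character-class requirements."""
    return len(pw) >= min_len

def guess_space(pw, words_in_phrase=None):
    """Candidates to cover when the way the password was built is known."""
    m = PATTERN.match(pw)
    if m:  # Capitalized dictionary word + digits + one common symbol
        return WORDLIST_SIZE * 10 ** len(m.group(1)) * len(COMMON_SYMBOLS)
    if words_in_phrase:  # words drawn at random from the list
        return WORDLIST_SIZE ** words_in_phrase
    return 94 ** len(pw)  # only valid if every character is truly random

def report(pw, words_in_phrase=None):
    """Policy verdicts plus estimated strength in bits for one password."""
    space = guess_space(pw, words_in_phrase)
    return {
        "composition_ok": meets_composition_policy(pw),
        "length_ok": meets_length_policy(pw),
        "bits": round(math.log2(space), 1),
    }

if __name__ == "__main__":
    print(report("Peaches1!"))                                    # habit-shaped
    print(report("peachfetchingpricemarket", words_in_phrase=4))  # passphrase
    print(report("a1rRbo4t&"))                                    # random chars
```

The 94-character fallback applies only to machine-generated strings; a password that a person built from a habit belongs in the pattern branch, whatever character classes it contains.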