I hate passwords which expire. This is why.
Sorry your password has expired- you must register a new one. Did anyone discover that password and hack my computer? No, but your password has expired- you must get a new one. Why do I need a new one since that one seems to be working pretty well? Well, you must get a new one as they automatically expire every 30 days. Can I use the old one and just re-register it? No, you must get a new one. I don't want a new one since that is one more thing for me to remember. Sorry, you must get a new one. OK, roses. Sorry you must use more letters. OK, pretty roses
No good, you must use at least one numerical space. OK, 1 pretty rose Sorry, you cannot use blank spaces. OK, 1prettyrose Sorry, you must use additional spaces. OK, 1fuckingprettyrose Sorry, you must use at least one capital letter. OK, 1FUCKINGprettyrose Sorry, you cannot use more than one capital letter in a row. OK, 1Fuckingprettyrose Sorry, you cannot use that password as you must use additional letters. OK, 1FUCKINGprettyroseshovedupyourassifyoudon'tgivemeaccessrightfuckingnow Sorry, you cannot use that password as it is already being used
Oh god, I work for the government, and this is my life. And I train people, so when they set their own passwords and forget them, they come to me like I am suppose to magically know what they set their passwords to.
Additional character requirements do increase security.
When you write a program to try every possible combination, special characters, numbers and capitalization requirements all increase the combination set you have to run through.
The problem is it's fucking pointless because a 10 letter password is unbreakable. A super computer may be able to break a hundred digit password in a matter of minutes, but if the super computer is 10ms across the internet, it might as well be a 486. It would be over 30 years just to try every combination in a numeric password, you'll be dead a thousand years before a 10 letter password gets hacked over the internet, barring revolutionary leaps in networking that remove latency from the equation.
https://howsecureismypassword.net/
Sites like this seem to think you're going to be using the login server to crack the passwords.
Now if you used a dictionary word, well... There's only a couple hundred thousand after all, even over the internet a password that weak can be broken. Then again, any system worth a damn should be doing a lockout after 3 failed attempts in a row. If something is trying to log in four hours straight, they have bigger security problems than password strength.
Where it will matter is when they get hacked.
Yes, psychoak is correct ..... the issue with passwords is their 'choice'.
'PASSWORD' is a password, but it's not exactly a good one....
It's actually not difficult to remember a password that is over ten characters, if you use it every day.
The problem your brain has (in my uneducated opinion) is separating and remembering the seemingly-random letters and numbers you chose. So use symbols in your password to break it into chunks. You play to the associative stregnths of the human brain this way, because you only need to remember one part of your password to trigger remembering the other parts and what order they all go in.
Well, that's the theory anyway.
My thing is long sentences, some meaningful some nonsensical and all greater than ten characters. One that I have is 17 characters long. Lets see some dinkleberry break that.
There are many great features available to you once you register, including:
Sign in or Create Account
