Kaspersky says that if you had an old XT from the 1980s, an 8 character password can be brute forced in 43 years.
With a 2012 Mac Book Pro, 12 days, With a botnet, 51 seconds, With a supercomputer 1 second. I guess it depends on what you envision the bad guy having. From: Brett A Mansfield Sent: Thursday, October 26, 2017 7:33 AM To: [email protected] Subject: Re: [AFMUG] Sonar password requirements too strict? A appreciate your opinion, but I disagree. Thank you, Brett A Mansfield On Oct 26, 2017, at 6:58 AM, Mike Hammett <[email protected]> wrote: 8 characters is never enough. The size of your organization is irrelevant. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ------------------------------------------------------------------------------ From: "Brett A Mansfield" <[email protected]> To: [email protected] Sent: Thursday, October 26, 2017 7:56:46 AM Subject: Re: [AFMUG] Sonar password requirements too strict? I don’t like password managers. They make logging into things take forever. Also, I haven’t found one for Mac that I like. I was first talking about my password when setting it up. It doesn’t matter if it is customer facing or my admin password, I should be able to choose my level of security. An 8 character password is secure enough for me and my small organization. But customer passwords certainly need to be easier and more relaxed. Thank you, Brett A Mansfield On Oct 26, 2017, at 1:28 AM, Ryan Ray <[email protected]> wrote: I just realized you were talking about customer facing passwords, which absolutely should be somewhat easy as people seem to be pretty blase' about their password security, but anyone with a lick of tech knowledge should be using a password manager with a random long password for every site. I use 1password which has apps for Windows, osx, ios, android and browser extensions. Then every password is as long as the site will let me with random characters. On Wed, Oct 25, 2017 at 6:13 PM, Brett A Mansfield <[email protected]> wrote: Oh no, admin password should be very strong. But I am just barely playing with this for the first time and I didn’t know they made it so you can change the requirements. I’m quite impressed with sonar so far. It looks like it will take a very long time to setup because of how many features there are. Thank you, Brett A Mansfield On Oct 25, 2017, at 7:03 PM, Chuck McCown <[email protected]> wrote: Oh, for the customers. That is a different kettle of pickles. I agree, customer passwords can be less secure in my opinion. I thought you were talking about your admin password. From: Brett A Mansfield Sent: Wednesday, October 25, 2017 6:50 PM To: [email protected] Subject: Re: [AFMUG] Sonar password requirements too strict? I can tell already that it will be a serious challenge. I have a lot of customers that will be calling me just to complain that they cannot get into their account because the password requirements are too strict and they forgot their password again. Should I not be able to choose my own password requirements? Thank you, Brett A Mansfield On Oct 25, 2017, at 6:37 PM, Mike Hammett <[email protected]> wrote: Absolutely not. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ---------------------------------------------------------------------- From: "Brett A Mansfield" <[email protected]> To: [email protected] Sent: Wednesday, October 25, 2017 7:32:07 PM Subject: [AFMUG] Sonar password requirements too strict? Anyone here that uses sonar find the password requirements to be too strict? 12 character requirement. When it comes to passwords, I should get to choose any password I want when I’m paying someone for a service. I have the same issue with Apples new stuff. I just spun up a new instance of sonar to try it out. I haven’t even passed the password change screen yet and I think I’ve already decided to cancel. Thank you, Brett A Mansfield
