Tim:
> > I just looked for the obvious stupid one, there's probably other bad
> > things in there.  There's always been stupid advice, and people
> > blithely go along with it.

Bob Marčan:
> Not only that. Different applications have different rules for
> passwords: number of characters, special symbols, numbers, ...
> Basically, confusion.

My rules were multi-word, words that are not associated together (so
not "feedthedog"), and easy to read and type.  Never in a million years
is someone going to guess some obtuse "fivepearstruckcactuspig" as a
passphrase.

I did once set a password like "thisisapaininthearse" to some cretinous
service I had to use several years ago.  Then I had to tell them the
password later on over the phone.  Slightly embarrassing, but also
immensely rewarding at the same time.  Though you should always make up
complete nonsense phrases.

I don't know how anyone with eyesight problems, or reading
comprehension problems, ever manages to correctly type in
"dEguWEfYowHsD$78@$cddf" cryptic kind of codes.

When people have to type special symbols they mayn't be able to do them
on their phone.  And phone apps mayn't give them enough time to type in
complex things.  My bank app was like that years ago, you had to type
in the confirmation number they sent you, plus your account number, and
password, in 15 seconds on the phone.  You couldn't even pre-load some
of the information and just fill in the confirmation code.  It'd erase
them as you looked at another screen to see your confirmation code,
which couldn't be copied and pasted either.

I complained about that, tech support said you have 50 seconds, but no
you only had 15 seconds to do it (which was only barely do-able).  I
think some programmers, and fools who make up stupid rules, need to be
smacked about the head with a clue-by-four.

And the moment someone says the rules are 8 characters long (which is
stupidly short), must have one symbol and one number, you've just
narrowed down what any hacker has to figure out.  And you just know
that certain characters are going to be swapped 3 for E, ! for I, etc.,
making machine cracking easier.

Making people have to log into things that they don't really need to
log into (such as watching TV, YouTube, whatever, because /they/ want
you to have a personalised service) just means that people need to have
a gazillion passwords and something to manage them, else they're going
to re-use passwords.  A gaming friend showed me his list of about 300
different passwords he uses, and shared with me the nightmare story of
the day his password manager stuffed up at one stage.

-- 
 
uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
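
The search-space argument in the message above, worked through as an added example that is not part of the original post. Everything numeric is an assumption: a 94-character printable alphabet with 32 symbols, a 20,000-word dictionary, a 7776-word list for random passphrases, and the swap table; all function names are hypothetical.

```python
import math

ALPHABET, DIGITS, SYMBOLS = 94, 10, 32  # assumed: printable ASCII, space excluded

# Assumed table of look-alike swaps, mapped back to the letter they stand for.
LEET = str.maketrans({"3": "e", "!": "i", "1": "l", "0": "o", "@": "a",
                      "$": "s", "4": "a", "5": "s", "7": "t"})
SAMPLE_WORDS = {"password", "cheese", "dragon"}  # constructed sample dictionary

def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)

def compliant_strings(length):
    """Strings with at least one digit and one symbol (inclusion-exclusion)."""
    no_digit = (ALPHABET - DIGITS) ** length
    no_symbol = (ALPHABET - SYMBOLS) ** length
    neither = (ALPHABET - DIGITS - SYMBOLS) ** length
    return ALPHABET ** length - no_digit - no_symbol + neither

def word_plus_tail(dictionary_size, swappable_letters=3):
    """Habitual compliance: one word, optional capital, optional swaps,
    then one digit and one symbol in either order."""
    return dictionary_size * 2 * 2 ** swappable_letters * DIGITS * SYMBOLS * 2

def random_passphrase(words, wordlist_size):
    """Words drawn independently and uniformly at random from a list."""
    return wordlist_size ** words

def base_word(password, dictionary):
    """Return the dictionary word left after undoing swaps and dropping a
    tail of digits and symbols, or None if the password is not of that shape."""
    lowered = password.lower()
    for end in range(len(lowered), 0, -1):
        if any(c.isalpha() for c in lowered[end:]):
            continue  # tail still contains letters, so not "word + tail"
        candidate = lowered[:end].translate(LEET)
        if candidate in dictionary:
            return candidate
    return None

if __name__ == "__main__":
    print("any 8 printable characters : %.1f bits" % bits(ALPHABET ** 8))
    print("8 chars meeting the rule   : %.1f bits" % bits(compliant_strings(8)))
    print("word + swaps + digit/symbol: %.1f bits" % bits(word_plus_tail(20000)))
    print("5 random words from 7776   : %.1f bits" % bits(random_passphrase(5, 7776)))
    for pw in ("Ch33se!7", "fivepearstruckcactuspig"):
        print(pw, "->", base_word(pw, SAMPLE_WORDS))
```

The passphrase figure only holds when the words are picked at random from the list; words a person chooses themselves come from a smaller, harder-to-measure space.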
 

-- 
_______________________________________________
users mailing list -- users@lists.fedoraproject.org