I love watching LJ go through very similar growth cycles as the internet as a whole did over the years. As a need is found (i.e. to make accounts more secure, for example), then and only then, a fix is implemented.
I'm still amazed at how uncommon simple good-password knowledge is.
Well, they also recently implemented a patch to allow removal of old email addresses from an account, any of which could be used to retrieve the current password. See the security hazard there? :)
Well, what makes a password brute-forceable anyway? Do I have to turn mine into an alpha-numeric soup for security, or is that the exact wrong thing to do?
Alphanumeric soup is the best, really.. mix of upper and lower case, numbers, underscores, dashes. Nothing that appears in a dictionary, nor reversed words, not names, not dates, not variations on your username, etc. Brute force generally starts by going through a dictionary of common words, and if your password is in there..
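The rules listed in the comment above, written as a password-rejection check. This is an added example, not part of the original thread; the sample wordlist, the three-character-class threshold and the function name `weaknesses` are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of common names.
SAMPLE_WORDS = {"password", "dragon", "monkey", "scott", "summer", "letmein"}

# A four-digit year or a 6-8 digit run (e.g. 07211978) is treated as a date.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{6,8}")

# Undo common digit/symbol-for-letter substitutions before the dictionary lookup.
SUBSTITUTIONS = str.maketrans("013457@$", "oleastas")

# Lowercase, uppercase, digits, and punctuation such as underscores and dashes.
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def weaknesses(password, username, words=SAMPLE_WORDS):
    """Return the reasons a password fails the rules from the comment."""
    found = []
    lower = password.lower()
    # Three views of the password: as typed, letters only, and letters only
    # after reversing simple substitutions.
    letters = re.sub(r"[^a-z]", "", lower)
    unsubstituted = re.sub(r"[^a-z]", "", lower.translate(SUBSTITUTIONS))
    candidates = {lower, letters, unsubstituted}
    candidates |= {c[::-1] for c in candidates}  # reversed words count too

    if any(c in words for c in candidates):
        found.append("dictionary word or name")
    user = username.lower()
    if len(user) >= 3 and any(user in c for c in candidates):
        found.append("variation on username")
    if DATE_RE.search(password):
        found.append("contains a date")
    # Threshold of three classes is an assumption, not a rule from the thread.
    if sum(bool(re.search(c, password)) for c in CHAR_CLASSES) < 3:
        found.append("fewer than three character classes")
    return found
```

An empty list means none of the listed rules was triggered; it does not measure how long or how random the password is.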
Hmm. Of course, the main problem with alpha-numeric soup is the difficulty in remembering it, which usually causes users to write it down in some ridiculously easy place.
Yeah, that too. Some people come up with clever ways to intersperse numbers with letters, though--for example, if I wanted to combine my first name with my birth year--S1c9o7t8t. Easy to remember, and who's going to guess it?
I just don't understand why I'm not getting the warning text. My password is just one word, all lowercase. A similar thing happened with our school accounts last semester - they tested them all, and e-mailed about 60% of the student body saying they guessed their password and it needed to be changed. One of the students who got this e-mail used a Russian phrase with numbers in the spaces. I didn't get any e-mail, and my password was just two words put together all lowercase.
no subject
Date: 2002-07-21 09:34 am (UTC)
no subject
Date: 2002-07-21 11:10 am (UTC)
no subject
Date: 2002-07-21 09:57 am (UTC)
no subject
Date: 2002-07-21 11:09 am (UTC)
Re:
Date: 2002-07-21 11:23 am (UTC)
no subject
Date: 2002-07-21 11:32 am (UTC)
no subject
Date: 2002-07-21 11:58 am (UTC)
no subject
Date: 2002-07-21 12:41 pm (UTC)