Forum Security Nonsense

[ThruTraffic]

1. Why is it necessary for the forum password to be more secure than a 401K or checking account?

2. Why does a password satisfying all five of the requirements still not attain the ‘strong’ rating required?

3. And this is the kicker: Why does the password NOT meeting the ‘strong’ criteria suddenly become ‘strong’ if one merely repeats the last character in the string? (ANY security professional will tell you that repetitive characters WEAKEN a password, not strengthen it.)

[Min]

@ThruTraffic, I've passed your comment along to admin.

[Jennifer Harnetty]

@ThruTraffic, the forum software is a third party software from an outside developer. We are kind of at the mercy of their password protocols. That said, forums are often the targets of hackers, so I think they try to keep the requirements pretty stringent so we don't have to deal with the nuisance being hacked. I will post your questions on their user forum to see if I get any responses. I am not sure why it is not rating your passwords as strong.

I will let you know if I hear any response back.

Thanks,

jennifer

 

[Mark C.]

This site has been hacked  before and more security is always better than less

My pasword is super simple and it been issue free .No issues with sign in but my Mac devices always recall the info automatically

[Hulk]

On 1/19/2022 at 7:01 AM, ThruTraffic said:

ANY security professional will tell you that repetitive characters WEAKEN a password, not strengthen it

Security pro may be willing to explain common hack algorithms.
You may pick up something by playing with the passwd "strength" feedback tools, e.g. compare dictionary word against mixed string of the same length, try adding a char to each to a) make a new dictionary word, b) make a new nonsense string, and etc. from there...

Your assertion is faulty.

[Bill Kielb]

On 1/19/2022 at 9:01 AM, ThruTraffic said:

1. Why is it necessary for the forum password to be more secure than a 401K or checking account?

2. Why does a password satisfying all five of the requirements still not attain the ‘strong’ rating required?

3. And this is the kicker: Why does the password NOT meeting the ‘strong’ criteria suddenly become ‘strong’ if one merely repeats the last character in the string? (ANY security professional will tell you that repetitive characters WEAKEN a password, not strengthen it.)

1. Sounds like I would start worrying about my 401 k; however to effect a  material change in one it takes a boatload of signed documents. As to checking I guess it makes me worry about checking accounts.

2. it is not strong enough for a reason, you will need to determine the reason, could be repetition, simplicity and non random arrangement, “Password###” not great, dates are guessable ……. Randomize what you enter

3. Adding an additional character adds factorially to the number of possibilities regardless of which character, but repetitive characters provide additional clues when decrypting,  so best not to use them.  Remember  for a password to work, they need to be encrypted to some level then reliably decrypted when needed. Bad folks like it when it’s easier to decrypt.

[Chilly]

Think of a favourite expression or song lyrics - for example - Houston, we have a problem! Apollo13.

So, the password becomes

Hwhap!A13.

Use the first letter from each word. You could then add an individual letter on the end or at the beginning for each different application you use. F for FB, e for ebay, g for google......