Jump to content

Forum Security Nonsense


ThruTraffic

Recommended Posts

1. Why is it necessary for the forum password to be more secure than a 401K or checking account?

2. Why does a password satisfying all five of the requirements still not attain the ‘strong’ rating required?

3. And this is the kicker: Why does the password NOT meeting the ‘strong’ criteria suddenly become ‘strong’ if one merely repeats the last character in the string? (ANY security professional will tell you that repetitive characters WEAKEN a password, not strengthen it.)

Link to comment
Share on other sites

  • Administrators

@ThruTraffic, the forum software is a third party software from an outside developer. We are kind of at the mercy of their password protocols. That said, forums are often the targets of hackers, so I think they try to keep the requirements pretty stringent so we don't have to deal with the nuisance being hacked. I will post your questions on their user forum to see if I get any responses. I am not sure why it is not rating your passwords as strong.

I will let you know if I hear any response back.

Thanks,

jennifer

 

Link to comment
Share on other sites

On 1/19/2022 at 7:01 AM, ThruTraffic said:

ANY security professional will tell you that repetitive characters WEAKEN a password, not strengthen it

Security pro may be willing to explain common hack algorithms.
You may pick up something by playing with the passwd "strength" feedback tools, e.g. compare dictionary word against mixed string of the same length, try adding a char to each to a) make a new dictionary word, b) make a new nonsense string, and etc. from there...

Your assertion is faulty.

Link to comment
Share on other sites

On 1/19/2022 at 9:01 AM, ThruTraffic said:

1. Why is it necessary for the forum password to be more secure than a 401K or checking account?

2. Why does a password satisfying all five of the requirements still not attain the ‘strong’ rating required?

3. And this is the kicker: Why does the password NOT meeting the ‘strong’ criteria suddenly become ‘strong’ if one merely repeats the last character in the string? (ANY security professional will tell you that repetitive characters WEAKEN a password, not strengthen it.)

1. Sounds like I would start worrying about my 401 k; however to effect a  material change in one it takes a boatload of signed documents. As to checking I guess it makes me worry about checking accounts.

2. it is not strong enough for a reason, you will need to determine the reason, could be repetition, simplicity and non random arrangement, “Password###” not great, dates are guessable ……. Randomize what you enter

3. Adding an additional character adds factorially to the number of possibilities regardless of which character, but repetitive characters provide additional clues when decrypting,  so best not to use them.  Remember  for a password to work, they need to be encrypted to some level then reliably decrypted when needed. Bad folks like it when it’s easier to decrypt.

Link to comment
Share on other sites

Think of a favourite expression or song lyrics - for example - Houston, we have a problem! Apollo13.
So, the password becomes
Hwhap!A13.
Use the first letter from each word. You could then add an individual letter on the end or at the beginning for each different application you use. F for FB, e for ebay, g for google......
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.