Benjamin Juang (ibneko) wrote,
Benjamin Juang

Your Password SUCKS!

Your password sucks!
We've just done a code push, which includes the new function we've been cheerfully calling the "your password sucks" module. This provides an update to our sucky-password-checking module, and an option (currently disabled) that will force anyone with a password that sucks to change that password before they can do anything else on the site. And I do mean anything.


I still need to change passwords for a large majority of sites I use. Still, mine is not brute-forceable (eh, meaning you can'd take a dictionary, and try word by word.) And all of my passwords are generated based on random keyboard pounding, then rotated into a more comfortable string to type. With numbers. I should also add punctuation, for those sites and places that accept it... Sadly, I tend to reuse several password for everything over one time period, although always combined with modifications based on various things. This is a Bad thing.

A better password scheme would be to let the server pick several random number, then you have to respond with the correct numbers in response, based off an equation or something of your choosing. Although this massively slows down things, and people aren't good at adding sometimes... nevermind, that wouldn't work. We're not computers. Maybe some sort of smartcard..... enter the numbers on that, and it'll give you the numbers to enter back.. but the smartcard can be stolen. Hmm. Add a fingerprint based calculation to that. Yeeeah. Something like that. So Computer-generated Challenge -> smartcard's internal equation * fingerprint -> Smartcard response
Tags: livejournal, news

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded