Monday, January 17, 2005
HOW SECURE IS THIS |10:45 PM|
The following is an exchange of information between myself and the local college's online ID system.

"Please change your UTEID password now."

> *******

"Error: Passwords must be at least 8 characters long."

> ********

"Error: We found the word ROCK in our dictionary. Please try a different password."

> **********

"Error: Passwords must contain at least one number."

> **********

"Error: Passwords must contain at least one special character."

> ************

"Thank you. You have created your UTEID password. "
"Please change your security questions."

"How many siblings do you have?"

> '2'

"Error: Answers to questions must be at least three characters long."

> 'two'

"Error: Please answer at least three security questions. "

"Error: Please create a free-form question"

> 'I'd like to throw these half-wit fuckjob network admins out into....'

> Answer: Space

"Thank you, you've created your security questions. "



Yeah, that was a great many absolutely obnoxious and infuriating minutes of my life I'll never get back. With password requirements like this, there's no fucking way people can memorize this shit. Hell, I just emailed my password to myself, and I NEVER do that.

And what's wrong with a word in your password being in the dictionary? A lot of my passwords are a couple random words with some numbers in there. How many words are in the English language? Let's assume for the sake of example that there are 500,000 words. That means that someone trying to brute force guess my password would have to try 250,000,000,000 combinations, give or take a couple zeroes depending on how many numbers I throw in there. If you don't notice someone making more bad login attempts than there are people on Earth, then you're a shitty network admin.
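The checks and the arithmetic above, as an added example that is not part of the original post and not the college's code: it replays the four password rules from the error messages and works out the two-word keyspace at two guessing rates. The one-entry dictionary, the substring match, the check order and both guess rates are assumptions.

```python
import math
import string

# Constructed stand-in: the post only shows that the site's dictionary contains ROCK.
DICTIONARY = {"rock"}

def first_policy_error(password, dictionary=DICTIONARY):
    """Return the first error the flow in the post would show, or None if accepted.
    Assumption: rules run in the order the errors appear in the post."""
    if len(password) < 8:
        return "Passwords must be at least 8 characters long."
    lowered = password.lower()
    for word in sorted(dictionary):
        if word in lowered:  # assumption: case-insensitive substring match
            return f"We found the word {word.upper()} in our dictionary."
    if not any(c.isdigit() for c in password):
        return "Passwords must contain at least one number."
    if not any(c in string.punctuation for c in password):
        return "Passwords must contain at least one special character."
    return None

def passphrase_keyspace(vocab_size, words, digits=0):
    """Candidates for `words` randomly chosen words followed by `digits` digits."""
    return vocab_size ** words * 10 ** digits

def keyspace_bits(keyspace):
    """Size of the search space expressed in bits."""
    return math.log2(keyspace)

def years_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample passwords, one per rule.
    for pw in ["rock123", "rockrock", "pebblesss", "pebbles12", "pebbles12!"]:
        print(repr(pw), "->", first_policy_error(pw) or "accepted")
    space = passphrase_keyspace(500_000, 2)  # the post's 500,000-word assumption
    print(f"{space:,} candidates, {keyspace_bits(space):.1f} bits")
    # Assumed rates: 10/s against a login form, 1e10/s against leaked fast hashes.
    print(f"online:  {years_to_exhaust(space, 10):.0f} years")
    print(f"offline: {space / 1e10:.0f} seconds")
```

The same 250,000,000,000 candidates that take centuries through a monitored login form take seconds offline at the assumed rate, so the argument rests on failed-login detection and on how the stored hashes are protected.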


