Password needs to be at least 8 characters

>password needs to be at least 8 characters
>also needs at least 1 capitalized letter
>and also at least 1 numeric

why?

ItsPrettyHardToMakeAnEasyToRememberSentenceWithSymbols&Numbers7

It's better than my University.
>At most 8 characters
>Cannot contain any human readable words
>Must contain one uppercase, one lowercase, one number, and one symbol

My Uni too.
The password policy is from 200.

>Password can't include space
"Fuck this could be your password and be better than any password you could think of with letters and shit"
MIND
BLOWN

...

haha bnis :-DDDD

>bnis

God, I love Sup Forums..

Just put those rules into the generator of your password manager. At least there is no maximum character limit and excluded characters.

>password must be between 6 and 8 characters long
>only alphanumeric characters are allowed

Literally the password policy of the uni I went to and they seem to be storing passwords in plaintext because IT admin contacted me and told me I couldn't use 'bigpenis1' as my password so I just stopped caring and went with 'password' as my password.

there's being careless and then there's being retarded
i think you may be carelessly retarded though

Lmao that wouldn't take 2 minutes with a dictionary attack

No because there's a special character and a number in there which makes it more complex

>must have at least two of !#$%&()*+,-./:?@[\]_{|}~ but none of `^';" or space

they indeed suggest you make a really secure password you ungrateful cunts

holy fuck what is with your school?

>Cannot have ascending, descending, or repeating digits.

4sshole.

>take first 3 letters of Web address
>add a personal salt to it (your birthday, for example)
>run it through SHA256 hashing algo
>take first 16 characters
There, you now have an uncrackable password. You're welcome Sup Forums

...

>why
because users tend to use retarded passwords like monkey, password, 1234, 123456, 12345678, 654321 and so on.
You are stupid, but they are even more stupid than you for storing passwords in plaintext. They are asking to be trolled

>because users tend to use retarded passwords like monkey, password, 1234, 123456, 12345678, 654321 and so.
and what if I don't want to waste extra time on generating password for account that I'm surely using the first and the last time?

>bigpenis1
yes that's because those are 9 characters and only 6-8 are allowed, dumbass

>you have to change password each semester

>inb4 a whole bunch of kids start yelling about how this is wrong because of dictionary attacks

> begin typing password in with all intent to comply to the site's specifications
> DANGER red warning appears alerting me my password isn't valid
I've only typed in one character you pieces of shit

Yeah, I disagree with his suggestion to use common words, but his point about entropy is perfectly valid.

This is the fucking worst. And if you don't do it in a week it locks you out and to reset it you have to call but they put you on hold for like an hour because everyone is trying to get their password reset.

>I disagree with his suggestion to use common words
Why?

>im too lazy to secure myself
that's what i read

NIST actually no longer recommends this terrible practice (from where it originated). it's cynical about the protection of pws and optimistic about people's ability to recreate secure passwords: "{word} {F or S for fall or spring semester, resp.}{current year}"

Tell that to my institution.

Well, like he said, dictionary attacks. Also, just incorporating a single abnormal character or digit in your password on top of a large number of regular characters can still help. As it happens, most people's passwords aren't as unique as people think they are. I don't remember the details of it, but I recall some researchers pooling together the checksums of a bunch of people's passwords and discovering that there were actually a bunch of duplicates. Probably because people used common words. Check out this site if you want a better authority on making passwords:
passwordmeter.com/

pages.nist.gov/800-63-3/sp800-63b.html
>Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

BNZ, one of the biggest banks in New Zealand, has the same password policy. 6-8 characters, alphanumeric only

see idiot

If a service imposes a criteria by which their users need to write their passwords, doesn't that just make it easier for third parties to brute force passwords, since they've already eliminated a number of different passwords that they would have otherwise guessed for?

>it has been 30 days since your last password change
>you cannot use a previously used password

>but I recall some researchers pooling together the checksums of a bunch of people's passwords and discovering that there were actually a bunch of duplicates
Duh for throwaway shit i just put Password1 like half the world does.

it's actually monkey123.

>password needs to be between 4 to 6 characters
>all characters must be numerical

Yes, it's stupid

Y-you're just joking, right, user? That didn't actually happen . . . d-did it?

>Well, like he said, dictionary attacks.
see If you think dictionary attacks aren't already covered by that comic's analysis, you don't understand what you're talking about and would do better to keep your uneducated mouth shut

this guy's a fuckin renegade

Easy: PoossWarD@666
I can generate more for a price.

I work as support for suppliers in a big company.
The system the suppliers need to access to check stuff like invoices needs to have
>EXACTLY 10 characters
>At least 1 uppercase
>At least 1 lowercase
>At least 1 number
>At least 1 special character

Yeah, it's that fucking retarded

It's a secure ur password you stupid fucker.
My passwords are names of ITAR related F35 and f22 hardware.
There's no way an algorithm can guess it because those words/names don't exist anywhere

LMFAO xd

No, because it's more than a few words.

>password has to be between 8 and 16 characters
Why can't I use my 47 digit one I just generated?

That would be easily dictionary attacked. You have to add a random symbol or letter in it to make it basically unbeatable, like this:

Easy dictionary attack
>kill all white men

Fucking impossible
>kill all wh$ite men

Notice I didn't substitute a letter, I added.

>repeat the last character

Because it decreases the chances that your hash will match with those in rainbow tables and whatnot.


Use a password manager ya fuck

>Dictionary attacks are ineffective
>Dictionary attacks are effective
Which one is it? Make up your mind! AHHHH MAKE THE VOICES IN MY HEAD STOP

>use password manager to avoid having to remember a bunch of passwords
>still have to fuck around with password generation rules to meet dumb password criteria that only make my passwords less secure

>password needs at least 10 letters
>at least 1 capitalized letter
>at least 1 number
>at least 1 special character

youtu.be/3NjQ9b3pgIg

My uni forces me to change the pass every few months and does not allow similar passwords to what you had before. Think you change a letter or number and call it a day? NOPE.

I mean, I understand why they do it but fuck if it's not super annoying. Not to mention I'll change the pw on my desktop at home, have firefox remember it, and promptly forget it. Then when I'm at uni on my laptop or phone I can't log on to the internet cause I forgot the new password.

Still better than when websites allow spaces as input on registration but the database fucks up and you can't log in.

>They aren't hashing the password

Drop that university

If you think dictionary attacks were the crux of my argument, you don't understand what I was talking about and would do better to keep your uneducated mouth shut.

>does not allow similar passwords

Your university is retarded

So people stop using "password", "letmein", and "dragon"

Password1

Ihave1asscheekandImustscream

>would take 122 nonillion years to crack

>passwords are stored in plaintext

Yes, it's retarded because it helps hackers by removing the possibilities of passwords that are all lower case, all caps and ones without numbers which only increases the chance of being hacked.
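
Added example, not part of any post in this thread: the search-space question raised above (whether mandatory character classes help an attacker by ruling passwords out) worked through by counting, for policies quoted in the thread. The 32-symbol set and the 16-character lowercase comparison are assumptions, since the posts do not name the symbols their systems accept.

```python
from itertools import combinations
from math import log2

# Assumed class sizes: ASCII letters, digits and the 32 ASCII punctuation
# characters. The posts do not say which symbols their systems accept.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}
ALL = tuple(CLASSES)


def count_allowed(lengths, alphabet, required=()):
    """Count passwords whose length is in `lengths`, drawn from the classes in
    `alphabet`, with at least one character from every class in `required`
    (which must be a subset of `alphabet`).

    Inclusion-exclusion: start from every string over the alphabet, subtract
    those missing one required class, add back those missing two, and so on.
    """
    size = sum(CLASSES[c] for c in alphabet)
    total = 0
    for n in lengths:
        for k in range(len(required) + 1):
            for missing in combinations(required, k):
                reduced = size - sum(CLASSES[c] for c in missing)
                total += (-1) ** k * reduced ** n
    return total


# (lengths, alphabet, required classes); first four follow the posts' wording,
# the last is a constructed comparison point.
POLICIES = {
    "exactly 10, all four classes required": (range(10, 11), ALL, ALL),
    "exactly 10, no composition rule": (range(10, 11), ALL, ()),
    "6-8, alphanumeric only": (range(6, 9), ("lower", "upper", "digit"), ()),
    "4-6, digits only": (range(4, 7), ("digit",), ()),
    "exactly 16, lowercase only": (range(16, 17), ("lower",), ()),
}


def report():
    """Search-space size in bits for each policy, assuming uniform choice."""
    return {name: round(log2(count_allowed(*p)), 2) for name, p in POLICIES.items()}


if __name__ == "__main__":
    for name, b in report().items():
        print(f"{b:7.2f} bits  {name}")
```

Under these assumptions the four-class requirement on a 10-character password removes less than one bit of search space, while the length caps dominate every other result.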

That would be cracked within minutes, maybe hours. See this post:

You mong, the person cracking the password has no clue how long your password is or what is used in it.
Dictionary attacks work on basic as fuck passwords and popular quotes.
Some apply heuristics to potentially guess in-between characters used for spaces.
But beyond that, it can't do shit.
That pass will in no way get cracked easily.

A fucking quote from Lord of the Rings with Pi being used for spaces is better than your shit Lastpass password.

You do realize how fucking large the search space is for common English, right?
It is vastly higher than every symbol most websites let you use.

That's brute force with a dictionary you are speaking. It's not going to fucking happen.
You seriously under-estimate how fucking long it takes to compare one word to EVERY OTHER COMMON ENGLISH WORD.
It's exactly the same as comparing A to every possible other letter.

>youtu.be/3NjQ9b3pgIg
>computerphile
>a channel that called HTML a programming language
Fuck off

Stop talking about subjects you barely even have a basic grasp on.
See top half of my post for why it won't.

>You do realize how fucking large the search space is for common English, right?


Depends on the distribution..

How many people are using words like "love", "fun", "sex"?
And how many use words like "yonder", "communicant" or "twelvemonth"?

The principle of dictionary attacks is not to crack every password. It's about going for the low hanging fruit, because some idiot WILL use his birthday or something like "lifeisgood" as password.

And that's why you are forced to use not only alphanumeric characters and so on, like in the OP.


Also there's still rainbow tables, and other methods if you want to go all fancy. It's a rather complicated topic overall.

Oh you are correct on that, it does go after the low-hanging fruit.
Fuck them, they are dumb enough to use stuff like that.

Password policies are still too retarded though.
All it does is lead to people making short passwords they forget in a month, if they aren't hacked in said month.
Enforce 20 character passwords. Now that will change shit up for sure.
>retards write passwords on post-its
FUUUUUUUUUCK

Seriously though, all it takes is a quote with a mangled word and it's end-of-the-universe for it.
"That's one small boj8ngle$ for man, one giant leap for mankind"
Unless quantum computers work, then we're all fucked.
Sure hope your encryption container had a several-thousand-character password.

Just take a few uncommon words, then type an 8 digit number while holding shift to get punctuation. Try cracking or guessing:
factotem procrustean lugubrious %^!*&!^#