Password security rules don't make sense

I was changing my password on Twitch, the difference between what they considered weak and strong was ridiculous.
The password I wanted (but won't be using) was Tw1tchyb0110ck5, but was considered weak. But, if I omitted the 5 at the end, it was considered strong (again, won't be using).

 
> I was changing my password on Twitch, the difference between what they considered weak and strong was ridiculous.
> The password I wanted (but won't be using) was Tw1tchyb0110ck5, but was considered weak. But, if I omitted the 5 at the end, it was considered strong (again, won't be using).


The reason is that 1337 / leetspeak is not only well understood by technical people, it is widely used in rainbow tables already, so your password of "Tw1tchyb0ll0ck5" is only very slightly more secure than "Twitchybollocks".
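
The point in the reply above, put into numbers as an added example (not part of the original thread): a leetspeak password collapses to the same dictionary words as its plain spelling, so the substitutions add only a few bits. The wordlist is constructed, `DICT_SIZE` is an assumed dictionary size, and the function names are hypothetical.

```python
import math

# Fold letters and their usual leet stand-ins onto one character (i and l both -> 1).
FOLD = str.maketrans("iloseat@$", "110534745")

WORDS = {"twitchy", "bollocks", "password", "dragon"}  # constructed sample wordlist
DICT_SIZE = 100_000  # assumed size of a real cracking dictionary


def skeleton(text):
    """Lower-case text and fold leet variants so 'Tw1tchy' and 'twitchy' compare equal."""
    return text.lower().translate(FOLD)


WORD_KEYS = {skeleton(w) for w in WORDS}


def split_words(key):
    """Segment a skeleton into dictionary-word skeletons, or return None."""
    if not key:
        return []
    for end in range(len(key), 0, -1):
        if key[:end] in WORD_KEYS:
            rest = split_words(key[end:])
            if rest is not None:
                return [key[:end]] + rest
    return None


def estimate_bits(password):
    """Return (dictionary_bits, extra_bits) or None if it is not built from words."""
    parts = split_words(skeleton(password))
    if parts is None:
        return None
    base = len(parts) * math.log2(DICT_SIZE)
    # Upper bound: each substitutable letter is an independent yes/no choice,
    # plus one yes/no choice per word for a leading capital.
    extra = sum(ch.isdigit() for p in parts for ch in p) + len(parts)
    return base, extra


if __name__ == "__main__":
    for pw in ("Twitchybollocks", "Tw1tchyb0ll0ck5"):
        base, extra = estimate_bits(pw)
        print(f"{pw}: {base:.1f} bits from words, at most {extra} more from leet/caps")
    print(f"random 15 printable chars: {15 * math.log2(94):.1f} bits")
```

The extra bits are an upper bound that treats every substitution as an independent choice; a guesser that tries the common patterns first does better than that bound suggests.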
 
> The reason is that 1337 / leetspeak is not only well understood by technical people, it is widely used in rainbow tables already, so your password of "Tw1tchyb0ll0ck5" is only very slightly more secure than "Twitchybollocks".
Shhhh! Don't say r4inB0wT4bl35. They don't work quite that way anyhow, that would be brute-forcing.
 
Passwords must contain upper case, lower case, number, special character etc. The chance of me remembering ortholithhasforgottenhisbloodypasswordagain is higher than remembering OrTholITH87$b?!@

Then being made to change the bloody thing every few months and it can't be similar to a previous version. Two factor authentication is a brilliant idea, no matter how much I whined about it in the first place.
 
I prefer fingerprint ID on my laptop; long passwords are easy when I don't have to remember them and the computer unlocks them with my fingerprint.
 
Ummm. No. A rainbow table that contains all the leet versions is not brute forcing. Unless you meant something else.

Is it a rainbow table covered in unicorn glitter?
 

Diko

Old-Salt
Sometimes I use a formula, which I used in my engineering years, for a certain screw thread cut on a centre lathe.
 
Just as long as you don't mind leaving your laptop password on everything you touch. Convenience versus security, it's a balance.
I've been told that most 'fingerprint' readers don't actually read fingerprints, they track blood vessels under the skin. A physical fingerprint, e.g. a police fingerprint card, won't unlock most 'fingerprint' readers but a real finger with the fingerprint skin burnt off would work.
 

Guns

ADC
Moderator
LastPass or other password managers are your solution. Long and complex. Plus never, ever, reuse a password. Changing them is a waste of time - provided you DO NOT REUSE.

For proper INFOSEC geekiness use different usernames as well. I have an email domain (@myname.com - not real). I use something@myname.com for the user name so it adds to things to solve. It helps in spam as well. Recently I got lots of spam from a particular email address that is only used for Under Armour. Either they were hacked, database stolen or sold my details despite me opting out.
 
> Ummm. No. A rainbow table that contains all the leet versions is not brute forcing. Unless you meant something else.
What I meant is that they don't work with the word (in whatever form it takes) as the starting point. Trying all the options would be brute-forcing. They work by backward computation of the #code into a string by using comparisons. Although, I suppose, they start with the strings to generate the #code library, so you do in fact have a point.
 
> Passwords must contain upper case, lower case, number, special character etc. The chance of me remembering ortholithhasforgottenhisbloodypasswordagain is higher than remembering OrTholITH87$b?!@
>
> Then being made to change the bloody thing every few months and it can't be similar to a previous version. Two factor authentication is a brilliant idea, no matter how much I whined about it in the first place.

Agree with you about TFA, but I keep on wondering what will happen if there's an issue with cellular comms.
 

themutiny

Old-Salt
> I've been told that most 'fingerprint' readers don't actually read fingerprints, they track blood vessels under the skin. A physical fingerprint, e.g. a police fingerprint card, won't unlock most 'fingerprint' readers but a real finger with the fingerprint skin burnt off would work.
Not true in my experience. Skin has grown back and can now use my iPad fingerprint recognition, but ’phone resolutely refuses to, despite my best attempts to re-initiate.
 
Your first example spelling is of the 2 x L's replaced with numeral 1's, whereas the second example has it as 2 x lower case L's.

That makes a difference!
 
