I decided I am tired of getting screwed everywhere I go, and in everything I do. So now I am going to blog about it.
Go to Get Screwed By, and see how I got screwed. You can also submit your stories to me there, and I will probably post it on the site.
Sphere: Related ContentThis thing is awesome. You just choose what you ate, and it will generate a nutrition label based on what you choose.
At what point in your infinite wisdom did you think it was a security practice to limit the length of my password to 6 or even 8 digits?
Ok, so lets play a little game. There are 94 possible characters on my keyboard, assuming that I can count (probably not though). Now, lets get something straight first, I understand that some programmers don’t know how to properly escape code, so for the sake of this argument we will leave some characters out of the possible password string. So lets say 75, to be fair, because alot of people dont allow certain characters and I can’t count. This ~75 includes punctuation, numbers, capital letters, etc.
The following is # of digits to # of possible passwords:
1 - 75
2 - 5625
3 - 421, 875
…
6 - 177, 978, 515, 625
7 - 13, 348, 388, 671, 875
8 - 1, 001, 129, 150, 390, 625 - thats ~ 1 trillion possible passwords.
…
14 - 178, 179, 480, 135, 440, 826, 416, 015, 625 - that is 100 septillion possible passwords
… It goes on
Now, we all know computers are fairly badass, which would you feel more secure with? Especially, knowing that someone has a password cracking software thatis built to do nothing but generate passwords, and try them against your login?
Ok, while I will agree that 1 trillion possible passwords is a lot, and if you are not using dictionary words, it is MUCH harder for cracking software to work. With 3 more orders of magnitude, you have a much better chance that someone isn’t going to steal your password.
If we take it a bit further and add all of the possible passwords of smaller lengths to the possibilities we have shown above, the numbers increase slightly, but not enough to change the order of magnitude. It still makes a difference, and unless the would-be hacker knows your username, and your password.
Now lets talk storage. Your are hopefully hashing my password to store it in a database, so the length of the password wont matter at all there. Unless of course you are using some proprietary reversible hash so that you can give my password back to me. DONT DO THAT!
I don’t want you to send me my password back. I would much rather have to go through the trouble of resetting it, than have you email it to me.
So what is it? Why the hell are you limiting my password length?
Feel free to list sites that limit password length below. And if you can, send me a link to their reason why!
Sphere: Related ContentIt can be super dangerous. What happens if a robber decides that today is the day to rob this guy’s apartment, and there I am typing away?
Also, I just realized as I took a GIGANTIC multi-vitamin, that if I choke on something there is no one around to smack the shit out of me. What would I do?
I considered leaning out the window and trying to capture the attention of the Starbucks’ customers, but I know that I would not be loud enough to over power their caffeine addicted trance-walk back to their SUVs. I guess I would have to try to dial 911. Should i call from my cell and my cable phone line, so that they can triangulate my location? What would you do?
Sphere: Related Content
Powered by FireStats
