Anyone found Rage4 DNS password policy too complicated?

zhuanyi Member
edited December 2012 in General

Password policy:

  • at least 8 chars long,
  • minimum 2 digits
  • minimum 2 symbols
  • minimum 2 upper case letters.

I have been scratching my head for a while to come up with a password that I can remember that is this complicated....


Comments

  • @zhuanyi said: I have been scratching my head for a while to come up with a password that I can remember that is this complicated....

    Correct!HorseBatteryStaple123

    Use LastPass?

  • Yes, I forgot my password every time.

  • I don't like it.

  • Ya, I hate it too. It's insane.

    They could implement two step verification or have a second secret question which you have to (partly) answer after logging in.

  • I think it's good they're enforcing good password policy.

  • gbshouse Member, Host Rep
    edited December 2012

    Believe it or not, but we are taking security seriously - we have analyzed many security breaches related to weak passwords and data we found in various leaked databases. In our opinion DNS is an extremely sensitive part of the Internet and we want to eliminate as many weak points of security as possible.
    In the beginning Rage4 DNS did not allow custom passwords at all, but we are listening to you - our users, so we introduced such a possibility.
    I'm sorry if the password policy is too complicated but I hope you will understand us.

    Suggestion: create a password which meets our policy, use it only for Rage4 DNS and store it securely, for example by using KeePass.

  • zhuanyi Member
    edited December 2012

    @ihatetonyy said: Correct!HorseBatteryStaple123

    You don't have 2 symbols, FAIL :)

    @gbshouse said: Believe it or not but we are taking security seriously

    But the password sent by your password reset emails doesn't meet the standard as it does not have 2 symbols :) Just saying...

    @gbshouse said: KeyPass.

    You mean keepass?
    http://keepass.info/

  • gbshouse Member, Host Rep

    @zhuanyi said: But the password sent by your password reset emails doesn't meet the standard as it does not have 2 symbols :) Just saying...

    But they are complex enough (16 chars, lower case, upper case and digits) :)

    @zhuanyi said: You mean keepass?

    Yop, my mistake

  • @gbshouse said: But they are complex enough (16 chars, lower case, upper case and digits)

    Actually that would be a good memory training exercise...see how long it would take before I can remember that password :)

  • I use LastPass, my master password has no symbols but is 37 characters long and I know it by heart

  • gbshouse Member, Host Rep

    A few years ago a friend of mine found a nice trick for long passwords - pick your favorite poem (or song), memorize it and use the first 2 or 3 letters of each line to build the password. With this technique it's possible to use even ~100 char long passwords :)

  • tsanten Member
    edited December 2012

    And learn lots of poems

  • joepie91 Member, Patron Provider
    edited December 2012

    @gbshouse said: A few years ago a friend of mine found a nice trick for long passwords - pick your favorite poem (or song), memorize it and use the first 2 or 3 letters of each line to build the password. With this technique it's possible to use even ~100 char long passwords :)

    Yet it's not very secure against bruteforcing. Trying to remember passwords is, in reality, a horrible idea.

  • The password requirement with Rage4 is a pain in my arse. Indicates for me a need to have better centralized records of all my accounts. I have such on paper in a notebook, but slack on the digital side.

    I applaud the concern for privacy. But I am an advocate of allowing folks to be as stupid as they want to be, as long as it only impacts themselves (inclusive of their customers or viewers).

  • I'll also vote two factor authentication instead of this impractical password policy.

  • @joepie91 said: Trying to remember passwords is, in reality, a horrible idea.

    Can't agree with you there. Writing a password down or using software to automagically fill a password field for you is a very scary and stupid idea.

  • joepie91 Member, Patron Provider
    edited December 2012

    @heiska said: Writing a password down or using software to automagically fill a password field for you is a very scary and stupid idea.

    That really has nothing to do with what I said, nor is it the only other available option. This kind of thing was what KeePass was invented for.

  • @joepie91 said: That really has nothing to do with what I said, nor is it the only other available option. This kind of thing was what KeePass was invented for.

    So someone only needs to crack a single password to have access to 50 or so others. Thanks but no thanks.

  • joepie91 Member, Patron Provider

    @heiska said: So someone only needs to crack a single password to have access to 50 or so others. Thanks but no thanks.

    And this is different from reusing the same remembered password or even pattern for 50 sites, how?

    In fact, it is different - getting hold of a KeePass database isn't as easy as logging a password that someone uses to log in on your forum. So much for that point.

  • @joepie91 said: And this is different from reusing the same remembered password or even pattern for 50 sites, how?

    Why did you get the idea that I was using the same password on any two sites?

    I "salt" my own passwords. E.g. If my base password was "qwerty", I could use "qwerty321" on LET and "ytrewq123456" on WHT.

  • joepie91 Member, Patron Provider
    edited December 2012

    @heiska said: Why did you get the idea that I was using the same password on any two sites?

    I "salt" my own passwords. E.g. If my base password was "qwerty", I could use "qwerty321" on LET and "ytrewq123456" on WHT.

    Which is a predictable pattern. Which really isn't any better than reusing a password when someone is targeting you.

  • @joepie91 said: Which is a predictable pattern. Which really isn't any better than reusing a password when someone is targeting you.

    A better example would've been. "qwerty" -> "qW€RtY" -> "Qvv3rTy" -> etc etc.

    Not so predictable anymore, but of course you can keep arguing ad infinitum.

  • joepie91 Member, Patron Provider

    @heiska said: A better example would've been. "qwerty" -> "qW€RtY" -> "Qvv3rTy" -> etc etc.

    Not so predictable anymore, but of course you can keep arguing ad infinitum.

    Still a highly predictable pattern.

  • Ishaq Member
    edited December 2012

    I agree with strong passwords. Harder to guess, and less vulnerable to brute force attempts.

  • gbshouse Member, Host Rep

    We can consider 2 step authentication but we are not going to change password policy.

  • gbshouse Member, Host Rep

    @joepie91 - imagine something like this

    Stoi na stacji lokomotywa,
    Ciężka, ogromna i pot z niej spływa -
    Tłusta oliwa.
    Stoi i sapie, dyszy i dmucha,
    Żar z rozgrzanego jej brzucha bucha:
    Buch - jak gorąco!
    Uch - jak gorąco!
    Puff - jak gorąco!
    Uff - jak gorąco!
    Już ledwo sapie, już ledwo zipie,

    So the password will be StoCięTłuStoŻarBucUchPufUffJuż - I doubt it can be solved using a dictionary attack

    By the way - it's a Polish poem for kids :)

  • Infinity Member, Host Rep

    @gbshouse said: pick your favorite poem (or song),

    That, and in your own language. For me I use Arabic phrases and poems and change some of the letters for numbers etc.

  • joepie91 Member, Patron Provider
    edited December 2012

    @gbshouse said: So the password will be StoCięTłuStoŻarBucUchPufUffJuż - I doubt it can be solved using a dictionary attack

    It can, in fact. A "dictionary attack" does not just mean a literal dictionary. It means any predefined set of words with permutations of them. I'm pretty sure there's going to be someone out there with a dictionary that consists of poems and songs.

    EDIT: In fact, the most common dictionary attack doesn't use a literal dictionary, but a list of previously cracked passwords.

  • @zhuanyi said: I have been scratching my head for a while to come up with a password that I can remember that is this complicated....

    OMG!$20s

    It's what you say when you find a twenty while walking down the street....
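
The policy from the opening post as a checker, run over passwords mentioned in this thread, next to a rough exhaustive-search bound. This is an added example, not part of any post above and not Rage4's code; the definition of "symbol", the alphabet sizes and the 16-character reset-style sample are assumptions.

```python
import math

# Minimums quoted in the opening post: length, digits, symbols, upper case.
POLICY = {"length": 8, "digits": 2, "symbols": 2, "upper": 2}

# Constructed sample shaped like the reset passwords described in the thread
# (16 chars, lower case, upper case and digits); not a real credential.
RESET_STYLE = "k3Vq8Zt1mB7xR2dN"


def counts(pw):
    """Count the character classes the policy cares about."""
    return {
        "length": len(pw),
        "digits": sum(c.isdigit() for c in pw),
        # Assumption: a "symbol" is anything that is not a letter or digit.
        "symbols": sum(not c.isalnum() for c in pw),
        "upper": sum(c.isupper() for c in pw),
    }


def policy_failures(pw):
    """Return the names of the rules pw breaks; an empty list means accepted."""
    have = counts(pw)
    return [rule for rule, minimum in POLICY.items() if have[rule] < minimum]


def brute_force_bits(pw):
    """log2 of the exhaustive search space for the classes present in pw.

    Assumed alphabet sizes: 26 lower, 26 upper, 10 digits, 32 ASCII symbols.
    This is an upper bound only: word lists and pattern rules guess far
    faster against passwords built from words or known phrases.
    """
    if not pw:
        return 0.0
    alphabet = (26 * any(c.islower() for c in pw)
                + 26 * any(c.isupper() for c in pw)
                + 10 * any(c.isdigit() for c in pw)
                + 32 * any(not c.isalnum() for c in pw))
    return len(pw) * math.log2(alphabet)


if __name__ == "__main__":
    for pw in ("Correct!HorseBatteryStaple123", "OMG!$20s", RESET_STYLE):
        print(f"{pw!r}: fails={policy_failures(pw)} "
              f"bits<={brute_force_bits(pw):.0f}")
```

The 8-character password from the last comment passes every rule at roughly 52 bits of exhaustive search space, while the 16-character reset-style string is rejected for lacking symbols at roughly 95 bits.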
