My long passwords, let me show you them breaking

Janin Registered User
The password set form in the user panel has a maximum character limit of 50, but on the login form there is no such limit. This means that if somebody sets a password longer than 50 characters, they won't be able to log in. The nicest way to fix this would be to remove or increase the limit on the set form, but limiting the login form would work just as well if that would be easier.

Janin on

Posts

  • see317 Registered User regular
    edited December 2007
    But if the password setting form has the limit of 50 characters, how would they create a password that exceeds that limit?

    More importantly, why would you need a 50+ character password for a forum?

    see317 on
    Ringo wrote: »
    Well except what see317 said. That guy's always wrong.
  • Ramius Joined: July 19, 2000 Administrator, ClubPA admin
    edited December 2007
    yeah, I agree with see317. What you are saying doesn't make sense to me.

    Ramius on
  • Lewisham Registered User regular
    edited December 2007
    I get the problem. Let's assume the password is four characters max. You type

    penis

    but all you get is ****. When the password typing box is shorter than the max (which I am sure it will be), you won't be aware that the letters you are typing are not going in, it all looks the same. So the password is now "peni", but you don't know that.

    Now when you go to the login form, you type "penis" as the password, but it's not going to work, and the user is left wondering why.

    The biggest issue is why someone would be insane enough to have a 50+ character password.

    Lewisham on
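
The mismatch described in the post above, with one possible fix, as an added example that is not part of the original thread or the forum's own code. PBKDF2 and all function names are assumptions; the fix applies the same length rule on both paths and rejects over-length input instead of truncating it.

```python
import hashlib
import hmac
import os

SET_FORM_MAX = 50  # limit on the password-set form, as stated in the thread

def _hash(password, salt):
    # PBKDF2 is a stand-in (assumption) for whatever the forum software uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def set_password_truncating(typed):
    """Buggy set path: characters past the limit are silently dropped."""
    salt = os.urandom(16)
    return salt, _hash(typed[:SET_FORM_MAX], salt)

def login_unlimited(typed, record):
    """Login path with no length limit: hashes everything the user typed."""
    salt, stored = record
    return hmac.compare_digest(_hash(typed, salt), stored)

def check_length(typed, limit=SET_FORM_MAX):
    """Shared rule for both paths: reject over-length input, never truncate."""
    if len(typed) > limit:
        raise ValueError(f"password is {len(typed)} characters, limit is {limit}")
    return typed

def set_password_fixed(typed):
    salt = os.urandom(16)
    return salt, _hash(check_length(typed), salt)

def login_fixed(typed, record):
    try:
        return login_unlimited(check_length(typed), record)
    except ValueError:
        return False

def demo():
    # Constructed input: a pass phrase longer than the set-form limit.
    phrase = "Be careful about reading health books. You may die of a misprint."
    record = set_password_truncating(phrase)
    try:
        set_password_fixed(phrase)
        rejected_up_front = False
    except ValueError:
        rejected_up_front = True
    # (full phrase logs in?, truncated phrase logs in?, fixed form rejects?)
    return (login_unlimited(phrase, record),
            login_unlimited(phrase[:SET_FORM_MAX], record), rejected_up_front)

if __name__ == "__main__":
    print(demo())
```
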
  • Ramius Joined: July 19, 2000 Administrator, ClubPA admin
    edited December 2007
    ah, I get it now.

    Yeah, the law of diminishing returns kicks in somewhere around 15-chars for the password. For each character past about 25 chars, you are getting something like 0.0000000000001% more secure, so by the time you hit 50 chars you are 0.000000000005% more secure than the guy with a reasonable password.

    Ramius on
  • Janin Registered User
    edited December 2007
    I like using short sentences out of books, (or quotes, song lyrics, whatever) for passwords, because they're easier to remember. I could use "x93*3/?2kcsd94", but it's just so much easier to use something like "Be careful about reading health books. You may die of a misprint." (65 characters) or "I have never taken any exercise except sleeping and resting." (60). I sign in infrequently enough that the added security of the first isn't as important as the ease of memorization for the sentences.

    EDIT: see also Passwords vs. Pass Phrases and The Great Debate: Part 2.

    Janin on
  • Thanatos Registered User regular
    edited December 2007
    Janin wrote: »
    I like using short sentences out of books, (or quotes, song lyrics, whatever) for passwords, because they're easier to remember. I could use "x93*3/?2kcsd94", but it's just so much easier to use something like "Be careful about reading health books. You may die of a misprint." (65 characters) or "I have never taken any exercise except sleeping and resting." (60). I sign in infrequently enough that the added security of the first isn't as important as the ease of memorization for the sentences.

    EDIT: see also Passwords vs. Pass Phrases and The Great Debate: Part 2.

    Why not just use a word?

    Thanatos on
  • Mr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    edited December 2007
    Thinatos wrote: »
    Why not just use a word?

    Individual words are at least an order of magnitude too easy to guess/brute, just like sequential numbers, dates and names.

    Of course, quotes are also personal and therefore guessable, but vastly closer to random.

    Mr_Rose on
    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • Thanatos Registered User regular
    edited December 2007
    Mr_Rose wrote: »
    Thinatos wrote: »
    Why not just use a word?
    Individual words are at least an order of magnitude too easy to guess/brute, just like sequential numbers, dates and names.

    Of course, quotes are also personal and therefore guessable, but vastly closer to random.

    Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

    Thanatos on
  • Mr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    edited December 2007
    Thinatos wrote: »
    Mr_Rose wrote: »
    Thinatos wrote: »
    Why not just use a word?
    Individual words are at least an order of magnitude too easy to guess/brute, just like sequential numbers, dates and names.

    Of course, quotes are also personal and therefore guessable, but vastly closer to random.
    Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

    No, you're right, my bank won't let me use anything nearly as guessable as actual English words as a password. :P

    Mr_Rose on
    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • Jasconius sword criminal mad online Registered User regular
    edited December 2007
    The only people trying to steal your Penny Arcade account are photobucket admins.

    Jasconius on
  • Einhander __BANNED USERS
    edited December 2007
    Thinatos wrote: »
    Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

    You could have the most secure password in the world and it may not make a difference. Remember that time when a random forumer ended up logging in as Whippy?

    But yeah, your forum account isn't really something you need to be too paranoid about.

    Einhander on
  • Deviant Hands __BANNED USERS
    edited December 2007
    I certainly hope at least our mods and admins have very secure passwords.

    Deviant Hands on
    I hope playing the Joker didn't have anything to do with this... I mean, I hope he wasn't driven to kill himself because of the role in some way. He was clearly taking the part pretty goddamned seriously.

    Why so serious?