My long passwords, let me show you them breaking

Janin · December 2007

The password set form in the user panel has a maximum character limit of 50, but on the login form there is no such limit. This means that if somebody sets a password longer than 50 characters, they won't be able to log in. The nicest way to fix this would be to remove or increase the limit on the set form, but limiting the login form would work just as well if that would be easier.

see317 · December 2007

But if the password setting form has the limit of 50 characters, how would they create a password that exceeds that limit?

More importantly, why would you need a 50+ character password for a forum?

Ramius · December 2007

yeah, I agree with see317. What you are saying doesn't make sense to me.

Lewisham · December 2007

I get the problem. Let's assume the password is four characters max. You type

penis

but all you get is ****. When the password typing box is shorter than the max (which I am sure it will be), you won't be aware that the letters you are typing are not going in, it all looks the same. So the password is now "peni", but you don't know that.

Now when you go to the login form, you type "penis" as the password, but it's not going to work, and the user is left wondering why.

The biggest issue is why someone would be insane enough to have a 50+ character password.

Ramius · December 2007

ah, I get it now.

Yeah, the law of diminishing returns kicks in somewhere around 15-chars for the password. For each character past about 25 chars, you are getting something like 0.0000000000001% more secure, so by the time you hit 50 chars you are 0.000000000005% more secure than the guy with a reasonable password.

Janin · December 2007

I like using short sentences out of books, (or quotes, song lyrics, whatever) for passwords, because they're easier to remember. I could use "x93*3/?2kcsd94", but it's just so much easier to use something like "Be careful about reading health books. You may die of a misprint." (65 characters) or "I have never taken any exercise except sleeping and resting." (60). I sign in infrequently enough that the added security of the first isn't as important as the ease of memorization for the sentences.

EDIT: see also Passwords vs. Pass Phrases and The Great Debate: Part 2.

Thanatos · December 2007

Janin wrote: »

I like using short sentences out of books, (or quotes, song lyrics, whatever) for passwords, because they're easier to remember. I could use "x93*3/?2kcsd94", but it's just so much easier to use something like "Be careful about reading health books. You may die of a misprint." (65 characters) or "I have never taken any exercise except sleeping and resting." (60). I sign in infrequently enough that the added security of the first isn't as important as the ease of memorization for the sentences.

EDIT: see also Passwords vs. Pass Phrases and The Great Debate: Part 2.

Why not just use a word?

Mr_Rose · December 2007

Thinatos wrote: »

Why not just use a word?

Individual words are at least an order of magnitude too easy to guess/brute, just like sequential numbers, dates and names.

Of course, quotes are also personal and therefore guessable, but vastly closer to random.

Thanatos · December 2007

Mr_Rose wrote: »

Thinatos wrote: »

Why not just use a word?

Individual words are at least an order of magnitude too easy to guess/brute, just like sequential numbers, dates and names.

Of course, quotes are also personal and therefore guessable, but vastly closer to random.

Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

Mr_Rose · December 2007

Thinatos wrote: »

Mr_Rose wrote: »

Thinatos wrote: »

Why not just use a word?

Individual words are at least an order of magnitude too easy to guess/brute, just like sequential numbers, dates and names.

Of course, quotes are also personal and therefore guessable, but vastly closer to random.

Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

No, you're right, my bank won't let me use anything nearly as guessable as actual English words as a password.:P

Jasconius · December 2007

The only people trying to steal your Penny Arcade account are photobucket admins.

Einhander · December 2007

Thinatos wrote: »

Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

You could have the most secure password in the world and it may not make a difference. Remember that time when a random forumer ended up logging in as Whippy?

But yeah, your forum account isn't really something you need to be too paranoid about.

Einhander · December 2007

Thinatos wrote: »

Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

You could have the most secure password in the world and it may not make a difference. Remember that time when a random forumer ended up logging in as Whippy?

But yeah, your forum account isn't really something you need to be too paranoid about.

Einhander · December 2007

Thinatos wrote: »

Dude, this isn't your fucking bank account. It's a fucking account on a fucking video game comic forum.

You could have the most secure password in the world and it may not make a difference. Remember that time when a random forumer ended up logging in as Whippy?

But yeah, your forum account isn't really something you need to be too paranoid about.

Deviant Hands · December 2007

I certainly hope at least our mods and admins have very secure passwords.

Penny Arcade

Quick Links

My long passwords, let me show you them breaking

Posts