Comment

Comment on Please create a non-secure password.

Yes because if you choose 8 characters at random, with 25 small + 25 big letters and 10 numeric, it* only 60^8 = 167,961,600,000,000 combinations.
I think the problem is more if the system allow brute force with thousands of erroneous attempts.
I never got the frantic entropy mindset, when the problem is much simpler to not allow endless attempts. You can allow 50 attempts, and chances would be very slim to guess even pretty moronic passwords.

source

Sort:hotnew top

stevedice@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
Most websites don’t allow multiple failed logins and, even if they did, the network latency alone would make brute force attacks useless. The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes. Having different passwords for every website also protects against this so, as usual, the answer is “just use a password manager”.

source
- purplemonkeymad@programming.dev ⁨3⁩ ⁨days⁩ ago
  
  The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes.
  
  I don’t think you need to worry about that in this case, the special character restriction suggests to me that they don’t hash it.
  
  source
- Buffalox@lemmy.world ⁨3⁩ ⁨days⁩ ago
  
  The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes.
  
  Seems a bit stupid if a database of passwords or other sensitive information can be brute forced.
  
  source
  - stevedice@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
    Please clarify what you mean because your comment is giving me these vibes.
    
    1000014915
    
    source
- Buffalox@lemmy.world ⁨3⁩ ⁨days⁩ ago
  
  just use a password manager
  
  I will never do that, I have a system instead. I never understood why people would want to use a password manager. To me it seems it ads an attack vector, where you could lose EVERYTHING!
  
  source
  - thepreciousboar@lemm.ee ⁨1⁩ ⁨day⁩ ago
    That is true for online password managers, you need an offline one
    
    source
  - stevedice@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
    I guarantee your system is less secure than the worst password manager. Humans are inherently bad at choosing passwords, or anything to do with randomness really.
    
    source
  - frezik@midwest.social ⁨2⁩ ⁨days⁩ ago
    Passwords suck as an authentication system in general. Your own system is probably worse than what password managers do. Yes, there are problems, but so does every other solution to this, and password managers win out in the comparison.
    
    source
    Buffalox@lemmy.world ⁨2⁩ ⁨days⁩ ago
    
    Your own system is probably worse than what password managers do.
    
    How so? If you use a password manager across 3 platforms, that makes for 3 attack vectors.
    My personal system has guaranteed no vulnerabilities. So how do you conclude my system is worse?
    
    source
    -> View More Comments
SwordInStone@lemmy.world ⁨3⁩ ⁨days⁩ ago
what’s an example of password that can be guessed by logic?

source
- Buffalox@lemmy.world ⁨3⁩ ⁨days⁩ ago
  Something that can possibly be deduced, like a birth date.
  
  source
- Rolder@reddthat.com ⁨3⁩ ⁨days⁩ ago
  hunter2
  
  source