Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is absurd and impossible to remember, you should instead have at least 3 levels of password strenght, one high strenght for base services that are used to retrieve other accounts like facebook and e-mail, other for important services, and another for crap.


You're not expected to remember them all, you're expected to either wrote them down or use a password manager. That way you only really need to remember one very strong password.


Except that my 3 level system failed ages ago. Originally I had one, then with more sites coming - several with bogus or recless implementation - it was extended to the aforementioned 3 tier one just to get f*cked up by 'knowing it better' god complex but stupid enforcers requesting or forbidding (!! how stupid is that!) characters. Not to mention leaks forcing me to introduce new ones, having eventually 5 layers with variations on each level because of the highly arbitrary rules of enforcers blocking my well thought of secure passwords.

All led to the situation that I have an encoded file on my computer with passwords (most just referrals/reminders/instructions not the actual password characters).

How stupid is that! Writing down passwords!

Even into secured files, still, increased level of risk. A method with doubtful protection when someone is targeted for his/her secrets personally. Stupid but that is reality. Made necessary by recless developers.

The whole password infrastructure is dead as means of protection. It does not work against serious attackers, only agains random wanderers. And more and more against rightful users!

And the most was done to ruin it by those enforced the users to solve the problem on the user side that in fact lying in the system side.

Passwords will not fullfill their task if: - allowing parties without permission to enter - locking out righful parties Very strict enforcers corrupt the system through the second point. Narrowmindedly focusing on not letting in unwanted elements cause the whole system to case working as intended, locking out and disallowing users to use it, defying the very purpose of existence.

Encouraging users not to use passwords that ever used by someone is just an extremely very radical level of enforcing and again trying to make users fix the inadequacy of the system developers.....

This is not solving systematic problems just conserving a bad habit plus making a bad situation even worse.


Use a password manager. It's so ridiculously easy to setup and makes it so much easier to log into sites.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: