[sf-lug] passwords - trying to pick good ones, difficulties, and users, and vendors/websites
michaelshiloh1010 at gmail.com
Sun Jan 24 09:41:54 PST 2010
I would guess it doesn't like certain characters, like perhaps the
asterisk or the carat.
Michael Paoli wrote:
> So, ... set up a nice secure password - made sure to use HTTPS,
> indicates it has to be 6 to 14 characters, and contain at least
> one letter and one digit, so I used:
> Vendor then immediately emails (as part of the registration) the
> password, without using encryption. Bleh.
> Okay, so let's see if I update the password and the vendor hopefully
> won't also email the updated password. Being sure to use HTTPS again.
> I try:
> but it won't let me use that, it gives me:
> Password is Invalid. Must be 6-14 characters and contain at least one
> letter and one number.
> Well, ... it is and does, so what aren't they telling me, and how much
> weaker/stupider do I have to make the password for it to be accepted?
> And we wonder why typical users get frustrated and pick weak passwords
> which, by the way, the site tells me for that weak password,
> "Password OK."
> (but no, I didn't click "Submit" on that weak of a password).
> So I try:
> and I log out and try to log in again to make sure it works.
> The login doesn't work - nor does it work with the prior password I set.
> Buggers - the password change input likely mangles or truncates the
> password in a manner different than the login authentication.
> So, ... I go through the password reset thingy - emails me a weaker
> in the clear, and I use that and try again ...
> another attempt, I finally get one that's suitably strong to my
> liking, is accepted, and also works when I log out and back in to
> confirm they got it right.
> And we wonder why users often pick weak passwords - even if they might
> be somewhat inclined to pick/use better - potentially much better
> And yes, I'm going to check if they have some suitable contact or the
> like to let them know about their password security and validation issues.
> sf-lug mailing list
> sf-lug at linuxmafia.com
> Information about SF-LUG is at http://www.sf-lug.org/
Sent from my ASR-33
More information about the sf-lug