More than a decade after first examining the issue, research by the University of Plymouth has shown most of the top 10 English-speaking websites offer little or no advice or guidance on creating passwords that are less likely to be hacked.
Some still allow people to use the word 'password', while others will allow single-character passwords and basic words including a person's surname or a repeat of their user identity.
Professor of Information Security Steve Furnell conducted the research, having carried out similar assessments in 2007, 2011 and 2014.
Have password restrictions ever helped?
(Score: 2) by Snow on Tuesday July 17 2018, @07:02PM (6 children)
The password is just a secondary authentication.
The real authentication happens by logging in from a known computer and doing 'normal' things. If you connect using a strange computer, you get asked super-secret authentication questions like "What was your favourite pizza place in 1994?" "Where did you meet your wife?", etc. Those super-secret questions are the real 'password'.
Banks can also claw back money for days after it has been transferred which minimizes risk further.
(Score: 2) by SomeGuy on Tuesday July 17 2018, @07:34PM (5 children)
super-secret and already known to those that mine social media, websites, and other public/private info about you.
Unless you are the one in a billion tin-foil hatters whose favorite pizza place in 1994 was 3T%Zb%Y+Qs*8cSd9 and met his wife at B:fBwB2`LB]hz"8J
(Score: 5, Funny) by bob_super on Tuesday July 17 2018, @07:45PM
> Unless you are the one in a billion tin-foil hatters whose favorite pizza place in 1994 was 3T%Zb%Y+Qs*8cSd9 and met his wife at B:fBwB2`LB]hz"8J
Really? Really?
Fuck, gotta go change my security questions. Thanks for spilling the beans, SomeGuy!
(Score: 2) by edIII on Tuesday July 17 2018, @08:14PM (1 child)
I'm one of them. I've always recommended to family members that they treat those like a password and *never* enter a correct answer. Usually there are three questions, so I recommend a password rearranged three times. That way you have a 1/3rd chance of getting it right without having to use a password manager or anything.
Regardless of the questions, the password is AppleBee45Squirrel, Squirrel45AppleBee, or 45AppleBeeSquirrel. Still sufficiently strong as a password, reversible, and has nothing to do with the questions.
I actually prefer that over two-factor authentication which is complete and utter bullshit. That's why there is such a rise in Porting attacks to take over people's cell numbers. I don't want to authenticate with Google anything either, and not every website supports something like a Yubikey [yubico.com] yet.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by legont on Wednesday July 18 2018, @12:59AM
Some suckers ask two questions and want them both correct. However, your idea is good, thank you.
I personally use a private password generator with two seeds - master one and one related to the name of the target. This way I don't have to store passwords and they are sufficiently difficult. Works fine except the algorithm can't fit sometimes opposite requirements.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 1, Insightful) by Anonymous Coward on Tuesday July 17 2018, @08:16PM (1 child)
Nobody goes to 3T%Zb%Y+Qs*8cSd9 any more. It's too crowded.
(Score: 3, Funny) by Phoenix666 on Tuesday July 17 2018, @08:50PM
I order their take-out. Beats the rush.
Washington DC delenda est.
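A deterministic generator of the kind legont's comment describes (a master seed plus a seed tied to the target's name), as an added example that is not part of the thread and not legont's actual algorithm. It assumes PBKDF2-HMAC-SHA256 as the derivation and a hypothetical `derive_password` helper; its `length` and `symbols` parameters show one way to fit sites with opposite requirements.

```python
import hashlib
import string

def derive_password(master, site, length=16, symbols="!#$%*+-_", counter=1):
    """Derive a site password from two seeds: a master secret and the site name.

    symbols="" models a site that forbids punctuation; a non-empty value
    models a site that requires at least one of those characters.
    """
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(classes)
    # The salt binds the output to one site; bump counter to rotate a password.
    salt = f"{site.lower()}:{counter}".encode()
    # Slow KDF (an assumption of this example) so that guessing the master
    # seed from one leaked site password is expensive.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=4 * length)
    words = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    picks, swaps = words[:length], words[length:]
    # One character from each required class first, the rest from the full
    # alphabet (16-bit words keep the modulo bias negligible).
    chars = []
    for i, w in enumerate(picks):
        pool = classes[i] if i < len(classes) else alphabet
        chars.append(pool[w % len(pool)])
    # Fisher-Yates shuffle driven by the KDF output, so the guaranteed
    # characters do not sit at fixed positions.
    for i in range(length - 1, 0, -1):
        j = swaps[i] % (i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    master = "constructed master seed, not a real secret"
    # Two constructed sites with opposite rules: one requires a symbol,
    # the other forbids symbols and caps the length at 12.
    print(derive_password(master, "bank.example"))
    print(derive_password(master, "forum.example", length=12, symbols=""))
```

No password is stored, but each site's policy settings and counter still have to be remembered or noted next to the site name.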