Wednesday, December 2, 2009

5-minute Soapbox (Passwords)

You know, it really pisses me off when services make me jump through hoops when setting up a password. Hey site whose name I won't disclose, I just gave you a 20-character password using a random combination of letters, symbols, and numbers, but you won't accept it because I didn't include an uppercase letter?

Maybe sites need a check box saying, "I am capable of assessing the risk of my own password." Or, "I know I shouldn't use my middle name as a password." Or, "I do not need a babysitter at this particular time in my life." I understand why Facebook might want to enforce a certain level of password security, because my grandma uses Facebook and she also trusts every pop-up and banner ad she reads. This site I'm registering at provides advanced services for web administrators, something that requires a certain level of knowledge about the technology being used and it's security risks (yeah, that doesn't guarantee a lack of stupidity, but shut up, I'm being angry).

I also understand that using uppercase letters along with lowercase letters increases the number of possible characters by 26, from 66 to 92 (roughly, just looking at my keyboard). Meaning that with a 20-character password, using lowercase letters only means there's a frighteningly small number of possible passwords:


But using uppercase letters, too, you get a large, safe, un-guessable number of possible passwords:


Wow, that safeguard kept my ass out of the fire, for real. Look how exposed I would have been had they not forced me to use uppercase letters! Thanks, web service that will remain anonymous, now fuck off.


(BTW I got the numbers '66' and '92' by counting the number of characters available on my keyboard, it was a quick count, and it's probably wrong)

No comments:

Post a Comment