Shit that annoys you

[Mustonen]

Password complexity annoys me. Why do we need 8 characters with symbols, caps etc? Are they really worried someone will crack my code if it’s just a 4 digit PIN?

Yes. A 4 digit PIN is fairly trivial to crack if somebody is serious, a liability that is untenable to anybody who is at all accountable for security.

Complexity is sorta dumb, though. Password length is not. Turn everything into a passphrase (with spaces) and life gets both easier and more secure.

[AlpiNord]

Yep, those are the best. My wife has both budget and top of the line Big Agnes puffys which both have the Vislon. I saw a coworkers Stio puffy w/ that zipper yesterday...Meanwhile my newest Patagonia puffy is about to need its zipper replaced for a 2nd time. I wanna try to find a local seamstress to put on a Vislon.

Check out San Juan Sewing below PineNeedle.

[Viva]

I've had mixed experiences with San Juan Sewing. But I did discover Let 'er Rip in Pagosa Springs. A couple of ladies there, doing great work, with very cheap prices. They repair all the Wolf Creek (Wolfy!) gear, too.

[Supermoon]

Check out San Juan Sewing below PineNeedle.

San Juan Sewing would be a good pass phrase. PineNeedle would be ok too.

[xyz]

Yes. A 4 digit PIN is fairly trivial to crack if somebody is serious, a liability that is untenable to anybody who is at all accountable for security.

Complexity is sorta dumb, though. Password length is not. Turn everything into a passphrase (with spaces) and life gets both easier and more secure.

Are passwords really being hacked or threatened? Are they so threatened I need to change them every 6 months because hackers are closing in on my password? Seems to me the online hacking world is centred around scams. Like romance, Bitcoin and fake Microsoft help desk scammers.

[BC.]

Are passwords really being hacked or threatened? Are they so threatened I need to change them every 6 months because hackers are closing in on my password? Seems to me the online hacking world is centred around scams. Like romance, Bitcoin and fake Microsoft help desk scammers.

My employer portal has password changes every 90 days…brutal. So ridiculous cuz you end up having to write them down/which defeats the whole purpose of privacy….lol.

[Supermoon]

IT managers have to keep their jobs so 90 day password changes mean they get a steady stream of laptop unlocks. Add in a few phishing tests and they have work forever.

[dannynoonan]

My employer portal has password changes every 90 days…brutal. So ridiculous cuz you end up having to write them down/which defeats the whole purpose of privacy….lol.

I'm sure the geeks hate this but just append a consecutive number to a well-worn passphrase. I'm up to like N00n@nrules29 at this point

[J. Barron DeJong]

I'm sure the geeks hate this but just append a consecutive number to a well-worn passphrase. I'm up to like N00n@nrules29 at this point

That’s what I’ve been doing for over a decade now.

[Mustonen]

Are passwords really being hacked or threatened? Are they so threatened I need to change them every 6 months because hackers are closing in on my password? Seems to me the online hacking world is centred around scams. Like romance, Bitcoin and fake Microsoft help desk scammers.

Interestingly, outside of some evidence of password compromise forced password changes reduce the security of a system, on net.

So yes, passwords are threatened and credential compromise is a very real threat. And no, forced password changes are indeed reactive bullshit that is not founded in fact or reason.

[MakersTeleMark]

Thanks for that. I have a couple Patagonia jackets 30 years old or so that still work great. Here's some zippers from my herd of jackets to see how lame the Outdoor Research zippers are by comparison:

Attachment 476388

You got some purdy teeth.

And 10x on fuck waterproof zippers, and RAB.

[Brownski]

Interestingly, outside of some evidence of password compromise forced password changes reduce the security of a system, on net.

So yes, passwords are threatened and credential compromise is a very real threat. And no, forced password changes are indeed reactive bullshit that is not founded in fact or reason.

We have 90 day required changes and it’s such a pain in the ass that we’ve all adopted the same seasonal word choices in order to remember them. I could probably log in to 90% of my coworkers’ accounts if I wanted to.

[bobz]

Eh, the vislon teeth zippers are fine (though particularly the lighter duty ones eventually have problems, and when they do it’s a full zipper replacement rather than just the slider). But coil zips have their place. Sounds like OR (I mostly like their stuff) should have put a beefier zipper on your jacket, oh well.

[anotherVTskibum]

Are passwords really being hacked or threatened? Are they so threatened I need to change them every 6 months because hackers are closing in on my password? Seems to me the online hacking world is centred around scams. Like romance, Bitcoin and fake Microsoft help desk scammers.

My understanding is that password issues generally fall into three buckets:
1. The user fell for a scam and gave someone the login info "for support purposes"
2. The user has the same password at multiple sites, from those that have serious security setups and professionals watching for intrusions (eg financial) to the local ski club message board setup by some dude in his spare time ten years ago, shortly before he left for somewhere with better snow; then the low-security site gets hacked and the credentials used elsewhere (but see also 1)
3. The password is truly horrible and easy to guess (password123, VailSucks, etc)

Historically, category 4 was when a site would get compromised and the attackers would then use the captured but encrypted login info to brute force passwords, but modern crypto and password storage should make that impractical for any attack without three-letter-agency support.

Forced changes can reduce the carnage from 1 and 2 by limiting the lifespan of compromised credentials, but using a password manager and having a good passphrase for it that you don't share with anyone, especially fake support reps, is a better solution.

[riser4]

My understanding is that password issues generally fall into three buckets:
1. The user fell for a scam and gave someone the login info "for support purposes"
2. The user has the same password at multiple sites, from those that have serious security setups and professionals watching for intrusions (eg financial) to the local ski club message board setup by some dude in his spare time ten years ago, shortly before he left for somewhere with better snow; then the low-security site gets hacked and the credentials used elsewhere (but see also 1)
3. The password is truly horrible and easy to guess (password123, VailSucks, etc)

Historically, category 4 was when a site would get compromised and the attackers would then use the captured but encrypted login info to brute force passwords, but modern crypto and password storage should make that impractical for any attack without three-letter-agency support.

Forced changes can reduce the carnage from 1 and 2 by limiting the lifespan of compromised credentials, but using a password manager and having a good passphrase for it that you don't share with anyone, especially fake support reps, is a better solution.

Except when your password manager gets cracked. LastPass, I'm looking at you.

[J. Barron DeJong]

Had a piece of Carolina reaper and ghost pepper jerky 90 minutes ago. Posting from the toilet.

Could also be filed under ‘shit that burns’.

[riser4]

Don't forget to wipe your ass with a sno-cone.

[paulster2626]

I'm sure the geeks hate this but just append a consecutive number to a well-worn passphrase. I'm up to like N00n@nrules29 at this point

Same password with 2 numbers at the end since I started here in 2006. I'm at 54 now. Plan is to get to 80 and retire.

[riser4]

My employer has a re-use policy checker that will reject minor modifications.

[PB]

They keep promising biometrics, but ......

[oldnew_guy]

I can change my password when it inevitable gets compromised. I can't change my fingerprints. Giving your biometrics or DNA to damn near anyone is just stupid.

[PB]

Fair point, but should be filed un the Shit that threatens you day to day life. We all came here to be annoyed by changing our passwords by 3 or 4 digits/numbers.

[BC.]

I'm sure the geeks hate this but just append a consecutive number to a well-worn passphrase. I'm up to like N00n@nrules29 at this point

Yep…

[jackstraw]

Assholes annoy me.

Wouldn't need passwords, tsa, security cameras, locks, etc etc etc. Fucking assholes

[Mustonen]

My employer has a re-use policy checker that will reject minor modifications.

We have that. And a blacklist that includes all known password compromises. And a filter that looks for stupid variations of your name.

Some form of bio/token based continuous identity monitoring is where it ends up. We aren’t there yet so we still have passwords.