password security...
Megabyte
12-25-2004, 01:09 PM
seems like almost all the complaints out there on account security are done by ppl with stupid passwords. I know that's a generalization, but really...I can think that at least 95% of the people I've seen who've had account issues are because they have stupidly simple passwords or let theirs get distributed.
Here's a link I think should be stickied someplace for players to reference on password security. If this itself couldn't be used, SOMETHING should be out there to help the multitudes of idiots that seem to populate the world.
HOW TO MAKE A GOOD PASSWORD SITE (with password security rater):
http://www.securitystats.com/tools/password.php
edit: k, I tried the password security rater and couldn't get it to work...but still an excellent reference for password making.
I'm sure that you can implement a system that refuses to make your account unless your password has, say, at least 6 characters and a mix of letters and numbers.
Surely it can't be that hard?
Jeffery
12-25-2004, 01:34 PM
http://img147.exs.cx/img147/6341/pw0db.jpg
My PW score.
And yes, it shouldn't be that hard to make passwords required to have at least 6 letters or so.
But I don't see it coming.
Lord Shinok
12-25-2004, 06:10 PM
I just formed a perfect password (boasts). I'm going to email my new password to Bills to prevent Demon Killer from figuring out my password :p .
Megabyte
12-26-2004, 02:52 PM
:) it's not hard to implement those features into password system. Most of the networks I'm registered to use and administrate be it at work or on my campus have those requirements (my saclink account requires at least 8 letters, 2 numbers, and some sort of icon in there like !,'-_=+ etc)
Office_Shredder
12-26-2004, 09:15 PM
Jeff, I beat you! :eek:
I always assumed you have a 30 character long password using Unix coding long forgotten by the modern world.
Jeff, I beat you! :eek:
I always assumed you have a 30 character long password using Unix coding long forgotten by the modern world.
GEEZ you must spend half your time in front of the computer just typing your 50foot long password...
Office_Shredder
12-26-2004, 09:58 PM
No! My password isn't that long! It's equivalent in length to Office_Shredder and looks exactly like it
Bottle
12-27-2004, 02:26 PM
Why not make it so that all new accounts are given a random password consisting of 6 numbers and letters. While it would be harder to remember, simply write it down and you'll have no problem. And there will be far fewer cases of password theft.
:rolleyes: :rolleyes:
Jeffery
12-27-2004, 02:40 PM
And would lead to people never remembering their password.
People wouldn't write it down. You'd be better off having them enter a valid email address, then have them go get the password.
Bottle
12-27-2004, 04:09 PM
The rolleyes was meant to signify sarcasm. Nothing will make a foolproof password system, because the world is full of fools.
Jeffery
12-27-2004, 04:17 PM
I thought you meant it would never happen here due to lack of staff ability.
Bottle
12-27-2004, 04:24 PM
Well, that too.
Jeffery
12-27-2004, 04:27 PM
Hey! Each smiley can only be sarcastic about one point at a time.
Bottle
12-27-2004, 04:32 PM
I do apologise.
Spit_101
12-27-2004, 05:34 PM
Passwords should always:
Have at least 5 letters
Something random
Not related AT ALL to your account name
Suggestions:
Capitals
Special ALT codes (if you use them)
Office_Shredder
12-27-2004, 05:35 PM
And there were two smilies!
Scroll Lock
12-27-2004, 06:05 PM
Random Alphanumeric. Example: dsfk832sfdk93
Write it down, put it in your wallet, keep it there until you memorize it.
That's what I do, and it has yet to fail me.
A little background information:
Passwords are (usually) not only stored on a secure database, but are also encrypted. Some algorithms used to encrypt your password don't even have a commercial unencrypter. Therefore your password has a very small chance of being "hacked/stolen". However, a simple password such as 'potato' can easily be cracked. Cracking is when a "script kiddie" uses a program that logs into the system using a list of passwords; if your password is on that list (and potato should be on any good list), you will have been compromised. To that effect, I am not sure what security TAO has in place for this, but companies such as AOL have a limit to how many times an IP can attempt to login per minute. This greatly reduces the number of compromised accounts.
Some math for you:
TAO passwords are max length 10 characters. So a-z 0-9 combinations.
Max combinations of alphanumeric passwords:
3,656,158,440,062,976
Time it would take to try every password (100rpm):
25,389,989,167 days
or 69,561,614 years.
So how old are you?
My conclusion: Use random letters.
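The per-IP attempt limit and the 36^10 arithmetic from the post above, as an added example that is not part of the original thread. The cap of 100 attempts per minute, the class and function names, and the 203.0.113.7 address are assumptions made for illustration.

```python
from collections import defaultdict, deque

class PerIpLoginLimiter:
    """Sliding-window cap on login attempts per source IP (hypothetical design)."""

    def __init__(self, max_attempts: int, window_seconds: float = 60.0):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._attempts = defaultdict(deque)  # ip -> timestamps of counted attempts

    def allow(self, ip: str, now: float) -> bool:
        """Return True and record the attempt if `ip` is under its cap at time `now`."""
        q = self._attempts[ip]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget attempts older than the window
        if len(q) >= self.max_attempts:
            return False  # over the cap: never reaches the password check
        q.append(now)
        return True

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passwords of exactly `length` characters."""
    return alphabet_size ** length

def days_to_exhaust(candidates: int, attempts_per_minute: int) -> int:
    """Whole days needed to try every candidate at a fixed per-minute rate."""
    return candidates // (attempts_per_minute * 60 * 24)

def simulate(limiter: PerIpLoginLimiter, ip: str, attempts: int, spacing: float) -> int:
    """Count how many of `attempts` evenly spaced tries the limiter lets through."""
    return sum(limiter.allow(ip, i * spacing) for i in range(attempts))

if __name__ == "__main__":
    total = keyspace(36, 10)  # a-z and 0-9, 10 characters, as in the post
    days = days_to_exhaust(total, 100)
    print(f"{total:,} candidates -> {days:,} days (~{days // 365:,} years) at 100/min")
    # Constructed traffic: 1500 tries inside one minute from a single address,
    # against an assumed cap of 100 attempts per minute.
    limiter = PerIpLoginLimiter(max_attempts=100)
    passed = simulate(limiter, "203.0.113.7", attempts=1500, spacing=0.04)
    print(f"{passed} of 1500 attempts reached the password check")
```

The limit only stretches the time needed to walk the whole keyspace; a password that sits near the top of a common list is still reached within the first minute's allowance.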
Jeffery
12-27-2004, 06:11 PM
And you all forgot the one tip that always works too.
DON'T SHARE YOUR PASSWORD WITH ANYONE
Scroll Lock
12-27-2004, 06:12 PM
slipped my mind :-x
Office_Shredder
12-27-2004, 06:15 PM
scroll, I'm 70,000,000 years old right now.
Scroll Lock
12-27-2004, 06:16 PM
Well, in your lifetime you could have completely tried every password that could be mine. Once...
Office_Shredder
12-27-2004, 06:28 PM
I know everyone's password in the universe! Muwahahahaha!
Unfortunately, I don't know whose username they belong to :D
Isn't 100 rpm a bit slow for that calculation (I'm not an expert at this, maybe it's normal speed). I would have expected something at least 100 times as fast
Scroll Lock
12-27-2004, 06:34 PM
It is slow, but not to that extent. I cracked AOL accounts for a while, at some times it was as low as 30rpm, when others I had it up to 1500rpm
Office_Shredder
12-27-2004, 06:43 PM
*shrug*
whatever, it's still a long time.
Did you know that if you try to draw a mol of dots, it takes almost 8,000 years?
Jeffery
12-27-2004, 06:43 PM
Scroll, don't the passwords also allow for the ASCII characters? So the numbers would be greatly increased beyond the a-z, 1-0.
Scroll Lock
12-27-2004, 06:51 PM
That is also true, I'm not sure what characters are allowed, but the possibilities beyond alphanumeric are crazy.
Office_Shredder
12-28-2004, 07:11 AM
There are probably about 1,000 extra possibilities or so.
So we have 1,062^55 possible passwords :eek:
Is it just me, or is that a lot?
Jeffery
12-28-2004, 07:14 AM
Yup.
Megabyte
12-29-2004, 12:29 AM
question, what if the hacker is omnipotent?
Jeffery
12-29-2004, 04:07 AM
Then he needs to take Viagra.
necro
12-29-2004, 12:33 PM
Then he needs to take Viagra.
lol Jeff, I guessed about 3 gold's passwords when I was grey on Army. The n()()b golds have names like lava_lamp666 and their passwords are like lava.(one gold on Ledgends at one point, real dope.) The password should be totally unrelated to your name! And should contain both letters AND numbers, this will increase the time and work effort the hacker will have to take, and most hackers won't spend more than a day at most, they have other easier targets.......STICKY THAT!
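A signup check that applies the rules proposed in this thread (at least 6 characters, a mix of letters and numbers, nothing related to the account name, nothing on a common list), as an added example that is not part of the original posts or the game's own code. The function names and the five-entry word list are constructed for illustration.

```python
import re

# Constructed stand-in for a common-password list; a real one would be far larger.
COMMON = {"potato", "password", "123456", "qwerty", "letmein"}

def name_tokens(account: str) -> list[str]:
    """Split an account name into lowercase letter or digit runs of 3+ characters."""
    return [t for t in re.findall(r"[a-z]+|[0-9]+", account.lower()) if len(t) >= 3]

def password_problems(account: str, password: str, min_length: int = 6) -> list[str]:
    """Return the reasons a password is refused; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs both letters and numbers")
    if lowered in COMMON:
        problems.append("on the common-password list")
    # Related to the name: a piece of the name appears in the password,
    # or the password itself is a piece of the name.
    related = any(tok in lowered for tok in name_tokens(account)) or (
        len(lowered) >= 3 and lowered in account.lower()
    )
    if related:
        problems.append("related to the account name")
    return problems

if __name__ == "__main__":
    # Account/password pairs taken from the examples quoted in the thread.
    for account, password in [("lava_lamp666", "lava"), ("anyone", "potato")]:
        print(account, password, "->", password_problems(account, password) or "accepted")
```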
Office_Shredder
12-29-2004, 12:47 PM
Guys, teio's password was "xerent" at one point. If this isn't proof that even the admins don't know what a good password looks like, I don't know what is. So how can you expect them to judge other people's passwords?
:rolleyes:
Bottle
12-29-2004, 01:45 PM
Guys, teio's password was "xerent" at one point. If this isn't proof that even the admins don't know what a good password looks like, I don't know what is. So how can you expect them to judge other people's passwords?
:rolleyes:
Xerent isn't an admin. :p
xerent
12-29-2004, 08:06 PM
I'll have you know I didn't choose that password, and was against it from the start.