
Quickie – Password Policies

So today, in order to use some of the new functionality at the University of Rochester’s wireless services, I had to change my password. This isn’t just any change – the new passwords must have symbols, numbers, and so forth. Also, to prevent some sort of Bobby Tables incident, certain symbols (I’m guessing SQL syntax) aren’t allowed. It’s nothing particularly draconian, but it does strike me that in most cases this sort of guideline is… somewhat slightly useless.

The key here is that once a user passes beyond the most obvious errors, like matching username and password or using a common word as the password, it becomes rather difficult to brute-force someone’s password, especially if some degree of encryption is applied. I sure hope that security measures of some sort are used to keep UR’s passwords safe… but no guarantee. Still, even without it, a password merely composed of ASCII keys, such as, perhaps, “{}{}{}{}[][][]a”, would take thousands of years to break in the worst case, assuming high-end current hardware, and even a government organization would need an impractical amount of time to break it. And considering that even the password storage on an internet service is often encrypted, we might want to worry a little bit less about our password security, and a bit more about other insecurities in our life… like, you know, political corruption.
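The worst-case estimate above, worked through as an added example that is not part of the original post: it counts the exhaustive-search keyspace for a 15-character printable-ASCII password, and for the same length under a composition policy that requires every character class and bans some symbols. The guess rate (1e10 per second), the number of banned symbols (5) and all function names are assumptions for illustration.

```python
from itertools import combinations

# Printable ASCII has 95 characters (space included), split into four classes.
ASCII_CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def policy_keyspace(length, class_sizes, required=()):
    """Count passwords of exactly `length` characters drawn from all classes
    that contain at least one character from every class in `required`.

    Inclusion-exclusion over the required classes that are absent:
    sum over subsets S of (-1)^|S| * (alphabet minus S)^length.
    """
    alphabet = sum(class_sizes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = alphabet - sum(class_sizes[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count


def worst_case_years(keyspace, guesses_per_second):
    """Time to try every candidate once (exhaustive search only)."""
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def compare(length=15, banned_symbols=5, guesses_per_second=1e10):
    """Return unrestricted and policy keyspaces plus the policy's share."""
    # Assumptions: 5 banned symbols and 1e10 guesses/s are illustrative values.
    restricted = dict(ASCII_CLASSES, symbol=ASCII_CLASSES["symbol"] - banned_symbols)
    free = policy_keyspace(length, ASCII_CLASSES)
    policy = policy_keyspace(length, restricted, tuple(restricted))
    return {
        "unrestricted": free,
        "policy": policy,
        "policy_share": policy / free,
        "years_unrestricted": worst_case_years(free, guesses_per_second),
        "years_policy": worst_case_years(policy, guesses_per_second),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3e}")
```

The figures cover exhaustive search only; they say nothing about guessing strategies that exploit repeated patterns in a password.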
