Jump to content

[IPB]Password Suggestion

Guest Aaron

By Guest Aaron
in Feedback

Recommended Posts

Aaron Newbie

Aaron

Posted
Posted

While making a hotmail account for a friend I saw a feature I think would be neat to have on IPB. On hotmail when you are registering for a free @hotmail.com account when you choose a password underneath the password box is another box that when you enter in your password it tells you if your password is a strong enough password. You can try it out at http://www.hotmail.com you do not have to signup just click the link to signup and and type in a password to test it out :)

Link to comment
Share on other sites
Rοb Community Regular

Rοb

Posted
Posted

Unless this would be too hard to add :blink:



I would doubt that very much, its more cosmetic than anything else.

As well as looking nice it would be a good way to educate our forum members on account security :thumbsup:
Link to comment
Share on other sites
GRANAT Newbie

GRANAT

Posted
Posted

You have to keep in mind, it is not a common occurence that people try to get into others forum accounts. This would be a nice feature, however I would want the option to "force" a strong password, or allow a weak one. Reason being is the average person has 1 password that they use on all sites (not the smart ones). If a harder password was forced, they would always have to re-send their password via email.

Im for it with the option +1

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

It isnt really that complicated, all it does is check for letters/numbers/symbols, if your pass contains all 3 then its high, only 2 it gets medium, only one it gets weak

Not as simple as that, otherwise someone could make a 3 character password and it'd get a high rating.

It's a combination of (lowercase, uppercase, number, character), length, order of the characters as well as any patterns to them. a1b2c3! wouldn't be a strong password at all even though it meets your criteria, but o5Gn&2 would be, because there is no pattern to it.
Link to comment
Share on other sites
cthree Explorer

cthree

Posted
Posted

I'll decent and say this is NOT a good suggestion. Not that there is anything wrong with a good password but there really isn't anything right about it either. Strong passwords are designed to thwart "brute force" password crack attempts. A brute force attack works like this: You write a script which, using a dictionary usually, starts entering passwords for an account and keeps trying until it finds the right one. It's a question of odds. a 4 character alpha numeric password offers 36^4 possible combinations. You could get lucky on the first try or you could find it on the last attempt. requiring a 6 character password ups the total combinations to 36^6.

"Strong" passwords have no practical purpose. It sounds good, like a deadbolt on a door made of paper. The only thing you'll accomplish is making it more likely people will forget their passwords. It's smoke and mirrors and a waste of time. Security is a topic dominated by ignorance and fear.

Your ATM card has a 4 digit PIN with 10^4 possible combinations. Why worry about a forums password orders of magnitude more complex already?

Waste of time and an extra layer of complexity which adds no appreciable measure of security. If you want to improve passwords make them shorter and add a feature to disable passwords that are incorrectly entered more than 5 times. Shorter passwords = easier to remember and less likely to forget. Disabling repeated login attempts defeats all but the very luckiest bots.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

4 character passwords (letters/numbers) has 62^4 probabilities. 26 upper, 26 lower and 10 numbers.

I think the idea deserves merit. Consider things from a corporate point of view, if you were to purchase IPB, wouldn't be more suiting to have a password-strength indicator as a feature? Corporate execs may have very important PM's or important access to certain areas of interest, and to know that their password has been labelled as weak would let them know that they need to reconsider the password that they are using.

IPS is trying to sell to high end businesses as well as to the individual, so this is a feature that would make it more appealing as it encourages and endorses security. For the individual, we'd get the new features as a bonus.

:)

Link to comment
Share on other sites
cojo Newbie

cojo

Posted
Posted

I think this is a good idea. Strong passwords add an extra layer of security and are NOT a waste. Many people are lazy. They often use the same password over and over plus choose something personal. Thus, it really doesn't take very many attempts at all to break into their accounts. In fact, many break-ins into the US military and government computer systems were the result of employees using weak passwords. If you have an admin who chooses a password of say "dog", your site is more susceptible to being broken in than if he used a longer or more complex one.

Your security is only as strong as the weakest link.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2023 IPS, Inc.
×
×
  • Create New...