A novel approach to encouraging password complexity


  • kcdclan
    replied
    Re: A novel approach to encouraging password complexity

    I find it entertaining.
    The reality of its use..


    Originally posted by SHA-hi
    I'm a bigger fan of doing this:

    http://howsecureismypassword.net/

    Spell out for them how long it will be till their password is hacked, and you can even take it a step further and expire their password.

    Honestly, this naked password thing just makes me want to vomit. I'm not a purist or anything (if you saw what I did last weekend, you'd understand), but it's wrong on so many levels, and a highly inefficient solution to the issue, especially over the long term.
    About 127 trillion years
    Don't account for “hacker knowledge”
    Algorithms that the hacker can create to eliminate impossible passwords.
    Like the length, min and max all the calculations of “REQUIRED”



  • SHA-hi
    replied
    Re: A novel approach to encouraging password complexity

    I felt like I should come back and add a bit of knowledge on how http://howsecureismypassword.net/
    evaluates security.

    Assumed passwords per second rate is 10 million/second

    If the length is less than 9, it checks the 500 most common passwords list, and advises as such.

    Next it calculates entropy based on the characters you're using. a-z, A-Z (that's 26+26), numbers is another 10, then it goes and looks at special characters to add 13 more, then various Unicode groups to get even deeper. All in all, about 600~ is the largest charset it lets you work with, which may be broken depending on system implementation.

    It then takes number of possible characters to the power of length, divides it by the 10million/second ratio, and spits out a time.

    I'd say as a simple script it's okay, but there's a lot of things that haven't been considered, like all the things http://www.passwordmeter.com/ takes into account. It might be leading people into a false sense of password strength, but no more so than most scripts out there already. I like the idea of showing strength as time, but I'm going to back-pedal on saying this is a great tool (in its present form).

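The calculation SHA-hi describes above, as an added JavaScript example that is not part of the thread and not the site's own code. The four-entry common-password list, counting every non-alphanumeric character toward the 13 "special" characters, and leaving out the Unicode groups are assumptions.

```javascript
// Added example: brute-force time estimate as described in the post above.
const GUESSES_PER_SECOND = 1e7; // 10 million/second, the rate stated in the post
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

// Constructed stand-in for the 500-most-common-passwords list.
const COMMON_PASSWORDS = new Set(["password", "123456", "qwerty", "letmein"]);

// Character classes with the sizes given in the post.
// Assumption: anything that is not a-z, A-Z or 0-9 counts as "special".
const CLASSES = [
  { size: 26, re: /[a-z]/ },
  { size: 26, re: /[A-Z]/ },
  { size: 10, re: /[0-9]/ },
  { size: 13, re: /[^a-zA-Z0-9]/ },
];

// Sum the sizes of every class that appears at least once in the password.
function charsetSize(password) {
  return CLASSES.reduce((n, c) => (c.re.test(password) ? n + c.size : n), 0);
}

function estimate(password) {
  const charset = charsetSize(password);
  // Passwords shorter than 9 characters are checked against the common list.
  if (password.length < 9 && COMMON_PASSWORDS.has(password)) {
    return { common: true, charset, seconds: 0 };
  }
  // charset ^ length candidates, divided by the assumed guessing rate.
  const seconds = Math.pow(charset, password.length) / GUESSES_PER_SECOND;
  return { common: false, charset, seconds };
}

function years(password) {
  return estimate(password).seconds / SECONDS_PER_YEAR;
}

// Constructed sample passwords.
for (const pw of ["letmein", "xkqvwzjmrt", "Password1!"]) {
  const e = estimate(pw);
  const verdict = e.common
    ? "on the common-password list"
    : `${years(pw).toExponential(2)} years`;
  console.log(`${pw}: charset ${e.charset}, ${verdict}`);
}
```

On these samples the formula rates `Password1!` tens of thousands of times stronger than ten random lowercase letters, because it looks only at character classes and length. A dictionary word with a predictable suffix is exactly the case the "hacker knowledge" objection in this thread is about.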


  • bascule
    replied
    Re: A novel approach to encouraging password complexity

    Originally posted by SHA-hi
    I'm a bigger fan of doing this:

    http://howsecureismypassword.net/
    About 780 quintillion years... I think I should be safe

    Originally posted by bjaming
    Wouldn't it be funny if that were a social engineering attempt to compile passwords used in the wild xD
    Yeah, I used x's instead of the actual characters in my password

    That said, trying this style of password (alphanumeric with spaces) in nakedpassword doesn't even get the icon naked, even at 20+ characters. I'm kind of disappointed.



  • bjaming
    replied
    Re: A novel approach to encouraging password complexity

    Originally posted by SHA-hi
    I'm a bigger fan of doing this:

    http://howsecureismypassword.net/
    Wouldn't it be funny if that were a social engineering attempt to compile passwords used in the wild xD



  • Iceman
    replied
    Re: A novel approach to encouraging password complexity

    I agree with Lowie and acoustica. Meaningful things should be beneficial to human progress.



  • SHA-hi
    replied
    Re: A novel approach to encouraging password complexity

    I'm a bigger fan of doing this:

    http://howsecureismypassword.net/

    Spell out for them how long it will be till their password is hacked, and you can even take it a step further and expire their password.

    Honestly, this naked password thing just makes me want to vomit. I'm not a purist or anything (if you saw what I did last weekend, you'd understand), but it's wrong on so many levels, and a highly inefficient solution to the issue, especially over the long term.



  • DarthSnader
    replied
    Re: A novel approach to encouraging password complexity

    The other thing is that most people will not think a tiny pixelated model is worth the cost of having to memorize a complicated password, or it may lead to them choosing complicated passwords to beat the game which simply get written down....



  • DjDamyard
    replied
    Re: A novel approach to encouraging password complexity

    If it was a live video feed, I think I'd find it a lot harder to think of a complex password in future...



  • acoustica
    replied
    Re: A novel approach to encouraging password complexity

    I agree with Lowie, it's not exactly a decent mesh for corporations, government users, or any other serious environment. I can see it working for adult social networks (and that way it doesn't get old as fast as the user only views it on certain varieties of password protected sites or programs). You could always take the idea of "rewards for good passwords" and run with it too. Like little dancing gifs, changing smilie faces, etc. You could also just not let a password be valid until it meets a certain complexity level.



  • Lowie
    replied
    Re: A novel approach to encouraging password complexity

    To be honest, I think this sort of approach does actually help. Most humans respond to any sort of challenge, real or implied.

    But things like this are never incorporated in the wider corporate environment, as they don't meet with the serious business stereotype that most corporate clones try to portray.

    You know... Wear sensible cross line pattern business shirt, wear mediocre same as everyone else tie, drive medium sized 4 door Audi/BMW, don't come up with any forward thinking ideas, change for the sake of change, collect KPI related bonus, just like the business turd course taught you.

    Sorry, bit of a sideways sliding rant there. My bad.

    The problem I see with this sort of idea is this: It's a novel approach to an old problem. It gets implemented and becomes widespread. Hence it is no longer a novel approach. People have seen it, people now ignore it. You're now back at square one again.

    Just my 2 cents worth. (or dime, peso, rupee or whatever your denomination might be).



  • DarthSnader
    replied
    Re: A novel approach to encouraging password complexity

    Various approaches such as this or minigames have been brought up before in the past, but never seem to take off either due to not being feasible to implement on a wide scale, or simply not being better than the current method.



  • Thorn
    replied
    Re: A novel approach to encouraging password complexity

    Originally posted by bascule
    It's an amusing approach, and makes me wonder if even a token "reward" works better to modify users' behavior, as opposed to things like policy or even threats of disciplinary action.

    Originally posted by eris
    Kind of hard to get excited about getting a tiny pixelated "model" naked.
    She reminds me of the women in Leisure Suit Larry (1987). Maybe she should be rendered in 4-bit, CGA colors.



  • eris
    replied
    Re: A novel approach to encouraging password complexity

    Kind of hard to get excited about getting a tiny pixelated "model" naked.



  • bascule
    started a topic A novel approach to encouraging password complexity

    A novel approach to encouraging password complexity

    http://www.nakedpassword.com/