Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

BOFH excuse #398: Data for intranet got routed through the extranet and landed on the internet.

comp / comp.misc / Password not strong enough

SubjectAuthor
* Password not strong enoughSylvia Else
+* Re: Password not strong enoughLawrence D'Oliveiro
|`* Re: Password not strong enoughDavid LaRue
| +* Re: Password not strong enoughD
| |`* Re: Password not strong enoughSylvia Else
| | `* Re: Password not strong enoughmm0fmf
| |  `* Re: Password not strong enoughRich
| |   `- Re: Password not strong enoughmm0fmf
| `- Re: Password not strong enoughSylvia Else
+* Re: Password not strong enoughScott Alfter
|`- Re: Password not strong enoughcandycanearter07
`- Re: Password not strong enoughRich

1
Subject: Password not strong enough
From: Sylvia Else
Newsgroups: comp.misc
Date: Wed, 5 Jun 2024 03:19 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: sylvia@email.invalid (Sylvia Else)
Newsgroups: comp.misc
Subject: Password not strong enough
Date: Wed, 5 Jun 2024 11:19:42 +0800
Lines: 7
Message-ID: <lca3qeFjp85U1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net vawfvHFz0gM+l7g/VaYg0wrHCeGmG+gDxdAGRRnNeKoYKUIEbl
Cancel-Lock: sha1:EQHuOsBRO++QZQV8xfalPk4pTqs= sha256:5CGJQdPBxQnVoaNi7FFtGFBE574NPYUQ6NFhc9jHl7k=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Content-Language: en-US
View all headers

LFPUxS5a2b3LWr1qt2RS

Password not strong enough.

Ye Gods! How strong do you want it to be?

Sylvia.

Subject: Re: Password not strong enough
From: Lawrence D'Oliv
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 5 Jun 2024 03:25 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ldo@nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 03:25:53 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <v3ols0$qb6k$1@dont-email.me>
References: <lca3qeFjp85U1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 05 Jun 2024 05:25:53 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="4516e25990465832a6742c15b1bf965a";
logging-data="863444"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19EnzO8nTPG4DF2qqTzQ0ef"
User-Agent: Pan/0.158 (Avdiivka; )
Cancel-Lock: sha1:ekUCkWC3qxx5CbRKYKqQqOjkg6E=
View all headers

On Wed, 5 Jun 2024 11:19:42 +0800, Sylvia Else wrote:

> LFPUxS5a2b3LWr1qt2RS
>
> Password not strong enough.
>
> Ye Gods! How strong do you want it to be?

My guess is, the password checker demands non-alphanumeric characters in
there as well.

Which is a dumb thing to require.

Subject: Re: Password not strong enough
From: David LaRue
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 5 Jun 2024 04:38 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: huey.dll@tampabay.rr.com (David LaRue)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 04:38:25 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 30
Message-ID: <XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me>
Injection-Date: Wed, 05 Jun 2024 06:38:25 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="ee171f723c6f805867a860b2b96c851d";
logging-data="873067"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18AmmKuLuSU+1vsU6IsY6G2"
User-Agent: Xnews/2006.08.24
Cancel-Lock: sha1:n6vLFyJghroBKKrk53Eq55X84NY=
View all headers

Lawrence D'Oliveiro <ldo@nz.invalid> wrote in news:v3ols0$qb6k$1@dont-
email.me:

> On Wed, 5 Jun 2024 11:19:42 +0800, Sylvia Else wrote:
>
>> LFPUxS5a2b3LWr1qt2RS
>>
>> Password not strong enough.
>>
>> Ye Gods! How strong do you want it to be?
>
> My guess is, the password checker demands non-alphanumeric characters in
> there as well.
>
> Which is a dumb thing to require.

Agreed. Silly rules that don't help protect you.

Looks like a good password except that you posted it. Mine is 24 characters
long and not random if you know the pattern that made it. My wife hasn't
been able to type it in even if it is written down for her to type in.

A pharmacy site rejected a proposed long password because it contained three
characters in my email address. I just call them when something is needed.
I'd rather talk to a human anyway.

FWIW, I've yet to be hacked. I've only been online since before the
Internet.

I'm also glad to see you both still enjoying life.

Subject: Re: Password not strong enough
From: D
Newsgroups: comp.misc
Organization: i2pn2 (i2pn.org)
Date: Wed, 5 Jun 2024 05:38 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: nospam@example.net (D)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 07:38:32 +0200
Organization: i2pn2 (i2pn.org)
Message-ID: <748981ad-5809-6a90-5807-e64d9de3a434@example.net>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me> <XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Injection-Info: i2pn2.org;
logging-data="3236905"; mail-complaints-to="usenet@i2pn2.org";
posting-account="w/4CleFT0XZ6XfSuRJzIySLIA6ECskkHxKUAYDZM66M";
In-Reply-To: <XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
X-Spam-Checker-Version: SpamAssassin 4.0.0
View all headers

On Wed, 5 Jun 2024, David LaRue wrote:

> Lawrence D'Oliveiro <ldo@nz.invalid> wrote in news:v3ols0$qb6k$1@dont-
> email.me:
>
>> On Wed, 5 Jun 2024 11:19:42 +0800, Sylvia Else wrote:
>>
>>> LFPUxS5a2b3LWr1qt2RS
>>>
>>> Password not strong enough.
>>>
>>> Ye Gods! How strong do you want it to be?
>>
>> My guess is, the password checker demands non-alphanumeric characters in
>> there as well.
>>
>> Which is a dumb thing to require.
>
> Agreed. Silly rules that don't help protect you.
>
> Looks like a good password except that you posted it. Mine is 24 characters
> long and not random if you know the pattern that made it. My wife hasn't
> been able to type it in even if it is written down for her to type in.
>
> A pharmacy site rejected a proposed long password because it contained three
> characters in my email address. I just call them when something is needed.
> I'd rather talk to a human anyway.
>
> FWIW, I've yet to be hacked. I've only been online since before the
> Internet.
>
> I'm also glad to see you both still enjoying life.
>

I read somewhere that someone thought that a good and well managed
password was way better than 2FA or 3FA since those, together with modern
password reset policies, leave too many gaps.

Subject: Re: Password not strong enough
From: Sylvia Else
Newsgroups: comp.misc
Date: Wed, 5 Jun 2024 11:07 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: sylvia@email.invalid (Sylvia Else)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 19:07:01 +0800
Lines: 26
Message-ID: <lcav6lFnnc8U1@mid.individual.net>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me>
<XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net q76PocNRSnNUaG17aMzclQ5d+C+CwPXWRDvvxxFEbv9RbjdvC+
Cancel-Lock: sha1:ej7SrC/Jb+EnxxyFh/Ol4P9CBto= sha256:uDpOHdXfoDttkTcYJ/CHQTt9Qk40784USUQqA+b607Y=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Content-Language: en-US
In-Reply-To: <XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
View all headers

On 05-June-24 12:38 pm, David LaRue wrote:
> Lawrence D'Oliveiro <ldo@nz.invalid> wrote in news:v3ols0$qb6k$1@dont-
> email.me:
>
>> On Wed, 5 Jun 2024 11:19:42 +0800, Sylvia Else wrote:
>>
>>> LFPUxS5a2b3LWr1qt2RS
>>>
>>> Password not strong enough.
>>>
>>> Ye Gods! How strong do you want it to be?
>>
>> My guess is, the password checker demands non-alphanumeric characters in
>> there as well.
>>
>> Which is a dumb thing to require.
>
> Agreed. Silly rules that don't help protect you.
>
> Looks like a good password except that you posted it.

Well, I chose a new one that is equally random, but also contains the
required "strong" characters.

Sylvia.

Subject: Re: Password not strong enough
From: Sylvia Else
Newsgroups: comp.misc
Date: Wed, 5 Jun 2024 11:08 UTC
References: 1 2 3 4
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: sylvia@email.invalid (Sylvia Else)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 19:08:16 +0800
Lines: 48
Message-ID: <lcav90Fnnc8U2@mid.individual.net>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me>
<XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
<748981ad-5809-6a90-5807-e64d9de3a434@example.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net e61KCyk2a7QhJvlLkSW+CQM4tCXSenVTeJBGjlnY7t0RVkZYJx
Cancel-Lock: sha1:g5yXubbw5Rd5ZlzBAj57lqVTdWQ= sha256:9wF+zX42vnWG6kUIB1u5VhCttnLBXLMaX+gr9+HpJSk=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Content-Language: en-US
In-Reply-To: <748981ad-5809-6a90-5807-e64d9de3a434@example.net>
View all headers

On 05-June-24 1:38 pm, D wrote:
>
>
> On Wed, 5 Jun 2024, David LaRue wrote:
>
>> Lawrence D'Oliveiro <ldo@nz.invalid> wrote in news:v3ols0$qb6k$1@dont-
>> email.me:
>>
>>> On Wed, 5 Jun 2024 11:19:42 +0800, Sylvia Else wrote:
>>>
>>>> LFPUxS5a2b3LWr1qt2RS
>>>>
>>>> Password not strong enough.
>>>>
>>>> Ye Gods! How strong do you want it to be?
>>>
>>> My guess is, the password checker demands non-alphanumeric characters in
>>> there as well.
>>>
>>> Which is a dumb thing to require.
>>
>> Agreed.  Silly rules that don't help protect you.
>>
>> Looks like a good password except that you posted it.  Mine is 24
>> characters
>> long and not random if you know the pattern that made it.  My wife hasn't
>> been able to type it in even if it is written down for her to type in.
>>
>> A pharmacy site rejected a proposed long password because it contained
>> three
>> characters in my email address.  I just call them when something is
>> needed.
>> I'd rather talk to a human anyway.
>>
>> FWIW, I've yet to be hacked.  I've only been online since before the
>> Internet.
>>
>> I'm also glad to see you both still enjoying life.
>>
>
> I read somewhere that someone thought that a good and well managed
> password was way better than 2FA or 3FA since those, together with
> modern password reset policies, leave too many gaps.

I've tried, without success, to get password resets disabled on things
like bank account online access.

Sylvia.

Subject: Re: Password not strong enough
From: Scott Alfter
Newsgroups: comp.misc
Organization: USS Voyager NCC-74656, Delta Quadrant
Date: Wed, 5 Jun 2024 15:40 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!news.neodome.net!npeer.as286.net!npeer-ng0.as286.net!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx13.iad.POSTED!not-for-mail
Newsgroups: comp.misc
Subject: Re: Password not strong enough
References: <lca3qeFjp85U1@mid.individual.net>
Organization: USS Voyager NCC-74656, Delta Quadrant
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
From: scott@alfter.diespammersdie.us (Scott Alfter)
Originator: scott@alfter.diespammersdie.us (Scott Alfter)
Lines: 27
Message-ID: <DF%7O.36181$Inzb.36166@fx13.iad>
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Wed, 05 Jun 2024 15:40:19 UTC
Date: Wed, 05 Jun 2024 15:40:19 GMT
X-Received-Bytes: 1839
View all headers

In article <lca3qeFjp85U1@mid.individual.net>,
Sylvia Else <sylvia@email.invalid> wrote:
>LFPUxS5a2b3LWr1qt2RS
>
>Password not strong enough.
>
>Ye Gods! How strong do you want it to be?

KeePassXC says that password has about 108 bits of entropy. It
characterizes the password quality as "excellent."

As noted by others, it's probably some bullshit "password complexity"
requirement that you include some additional character types. I ordinarily
have KeePassXC generate passwords similar to what you were trying to use,
but with look-alike characters excluded (no I, l, 1, O, 0, etc.). With a
length of 20 or more characters, you're nearly always going to get a
stronger password than some site that requires you to choose from all
available characters...and then imposes a password-length limit. (The only
reason I can see for a length limit is that they're storing plaintext
passwords in their database, which is the textbook definition of "doing it
wrong.")

--
_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/ Top-posting!
\_^_/ >What's the most annoying thing on Usenet?

Subject: Re: Password not strong enough
From: Rich
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 5 Jun 2024 16:53 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rich@example.invalid (Rich)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 16:53:05 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <v3q55h$11rrv$1@dont-email.me>
References: <lca3qeFjp85U1@mid.individual.net>
Injection-Date: Wed, 05 Jun 2024 18:53:05 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="525380344e348450a5e5f21801648378";
logging-data="1109887"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19GlcIJfJ1sGpdHcw+QBjac"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:0smZRfMBjlFCu7wg8O04PMR61cE=
View all headers

Sylvia Else <sylvia@email.invalid> wrote:
> LFPUxS5a2b3LWr1qt2RS
>
> Password not strong enough.
>
> Ye Gods! How strong do you want it to be?

That is the result of "dumb/lazy programmers". They have a single
generic "error message" when something is wrong, but several very
different "checks" for strength of the password. One of which would
appear to be that the actual issue is that there are no "punctuation"
characters and their code requires at least one "punctuation"
character.

And, naturally, there is no where on the page where you enter/change
your password that details the characters they expect to see (and those
they reject -- although rejecting *any* character in a password is a
sign of either a stupid programmer, or improper storage of the literal
password).

Try again with the commonly rejected punctuation characters ($ % ' *)
and see if they also have a rule of "no use of $" but their error
message is still "not strong enough" even though they meant "cannot
contain $".

Subject: Re: Password not strong enough
From: mm0fmf
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 5 Jun 2024 20:27 UTC
References: 1 2 3 4 5
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: none@invalid.com (mm0fmf)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 21:27:31 +0100
Organization: A noiseless patient Spider
Lines: 9
Message-ID: <v3qhnl$143dp$1@dont-email.me>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me>
<XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
<748981ad-5809-6a90-5807-e64d9de3a434@example.net>
<lcav90Fnnc8U2@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 05 Jun 2024 22:27:34 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="7e4671a7a4ed7eb2b8839f2f1cfab3cc";
logging-data="1183161"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19C2RYo0iSYM1pNfdli6fl+"
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.12.1
Cancel-Lock: sha1:/S37YyXz9jAu5KBQweJ10i/kyf8=
Content-Language: en-GB
In-Reply-To: <lcav90Fnnc8U2@mid.individual.net>
View all headers

On 05/06/2024 12:08, Sylvia Else wrote:

> I've tried, without success, to get password resets disabled on things
> like bank account online access.
>
> Sylvia.

Tried at work to get a sensible policy and I work at a big tech company
that should know better. IT monkeys are just not having it.

Subject: Re: Password not strong enough
From: Rich
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 5 Jun 2024 20:58 UTC
References: 1 2 3 4 5 6
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rich@example.invalid (Rich)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 20:58:42 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 18
Message-ID: <v3qji2$14bsv$1@dont-email.me>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me> <XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170> <748981ad-5809-6a90-5807-e64d9de3a434@example.net> <lcav90Fnnc8U2@mid.individual.net> <v3qhnl$143dp$1@dont-email.me>
Injection-Date: Wed, 05 Jun 2024 22:58:42 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="525380344e348450a5e5f21801648378";
logging-data="1191839"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19OiyJ4RFan37Jev5lIW6zC"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:imJjda8UMWTrpA+/rJ3Vssk3AIo=
View all headers

mm0fmf <none@invalid.com> wrote:
> On 05/06/2024 12:08, Sylvia Else wrote:
>
>> I've tried, without success, to get password resets disabled on things
>> like bank account online access.
>>
>> Sylvia.
>
> Tried at work to get a sensible policy and I work at a big tech company
> that should know better. IT monkeys are just not having it.

That is due to their CYA "checkbox security" such that their A is
covered if they follow the list of "checkboxes" and the 'silly policy'
is enshrined in the checkbox list, so they duitifully follow along in
order to CYA.

You'd need to first get the checkbox security list updated to something
sensible before the IT monkeys will do anything to change.

Subject: Re: Password not strong enough
From: mm0fmf
Newsgroups: comp.misc
Organization: A noiseless patient Spider
Date: Wed, 5 Jun 2024 21:44 UTC
References: 1 2 3 4 5 6 7
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: none@invalid.com (mm0fmf)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Wed, 5 Jun 2024 22:44:58 +0100
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <v3qm8q$14pe2$1@dont-email.me>
References: <lca3qeFjp85U1@mid.individual.net> <v3ols0$qb6k$1@dont-email.me>
<XnsB18867CE66F3hueydlltampabayrrcom@135.181.20.170>
<748981ad-5809-6a90-5807-e64d9de3a434@example.net>
<lcav90Fnnc8U2@mid.individual.net> <v3qhnl$143dp$1@dont-email.me>
<v3qji2$14bsv$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 05 Jun 2024 23:44:59 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="7e4671a7a4ed7eb2b8839f2f1cfab3cc";
logging-data="1205698"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/C/DQRZBpJJ0oQi3cbQCTr"
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.12.1
Cancel-Lock: sha1:x1Mt7eMecLsDly0TbRsktiw+04Y=
In-Reply-To: <v3qji2$14bsv$1@dont-email.me>
Content-Language: en-GB
View all headers

On 05/06/2024 21:58, Rich wrote:
> mm0fmf <none@invalid.com> wrote:
>> On 05/06/2024 12:08, Sylvia Else wrote:
>>
>>> I've tried, without success, to get password resets disabled on things
>>> like bank account online access.
>>>
>>> Sylvia.
>>
>> Tried at work to get a sensible policy and I work at a big tech company
>> that should know better. IT monkeys are just not having it.
>
> That is due to their CYA "checkbox security" such that their A is
> covered if they follow the list of "checkboxes" and the 'silly policy'
> is enshrined in the checkbox list, so they duitifully follow along in
> order to CYA.
>
> You'd need to first get the checkbox security list updated to something
> sensible before the IT monkeys will do anything to change.
>

Absolutely. But I'll be retired soon so I'll leave the battle to someone
younger :-)

Subject: Re: Password not strong enough
From: candycanearter07
Newsgroups: comp.misc
Organization: the-candyden-of-code
Date: Thu, 6 Jun 2024 21:55 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: candycanearter07@candycanearter07.nomail.afraid (candycanearter07)
Newsgroups: comp.misc
Subject: Re: Password not strong enough
Date: Thu, 6 Jun 2024 21:55:03 -0000 (UTC)
Organization: the-candyden-of-code
Lines: 28
Message-ID: <slrnv64boo.10ab.candycanearter07@candydeb.host.invalid>
References: <lca3qeFjp85U1@mid.individual.net>
<DF%7O.36181$Inzb.36166@fx13.iad>
Injection-Date: Thu, 06 Jun 2024 23:55:03 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="05bbcfc41faf73e2d63285a644a3e7f6";
logging-data="1784792"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+RucGUdvISjVX8FDQdpyJRRZuln0II8qPsmoKQtQlKEg=="
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:PNwlj4oMOVXcc53PlNUBtPOWm2M=
X-Face: b{dPmN&%4|lEo,wUO\"KLEOu5N_br(N2Yuc5/qcR5i>9-!^e\.Tw9?/m0}/~:UOM:Zf]%
b+ V4R8q|QiU/R8\|G\WpC`-s?=)\fbtNc&=/a3a)r7xbRI]Vl)r<%PTriJ3pGpl_/B6!8pe\btzx
`~R! r3.0#lHRE+^Gro0[cjsban'vZ#j7,?I/tHk{s=TFJ:H?~=]`O*~3ZX`qik`b:.gVIc-[$t/e
ZrQsWJ >|l^I_[pbsIqwoz.WGA]<D
View all headers

Scott Alfter <scott@alfter.diespammersdie.us> wrote at 15:40 this Wednesday (GMT):
> In article <lca3qeFjp85U1@mid.individual.net>,
> Sylvia Else <sylvia@email.invalid> wrote:
>>LFPUxS5a2b3LWr1qt2RS
>>
>>Password not strong enough.
>>
>>Ye Gods! How strong do you want it to be?
>
> KeePassXC says that password has about 108 bits of entropy. It
> characterizes the password quality as "excellent."
>
> As noted by others, it's probably some bullshit "password complexity"
> requirement that you include some additional character types. I ordinarily
> have KeePassXC generate passwords similar to what you were trying to use,
> but with look-alike characters excluded (no I, l, 1, O, 0, etc.). With a
> length of 20 or more characters, you're nearly always going to get a
> stronger password than some site that requires you to choose from all
> available characters...and then imposes a password-length limit. (The only
> reason I can see for a length limit is that they're storing plaintext
> passwords in their database, which is the textbook definition of "doing it
> wrong.")

Maybe it's to prevent you from using such a long password that you
forget? Who knows.
--
user <candycane> is generated from /dev/urandom

1

rocksolid light 0.9.8
clearnet tor