• T$ (unregistered)

    whew just in time too. This post makes me want to watch Futurama.

  • snoofle (unregistered)

    I wish my passwords didn't expire for 50 billion eons...

  • (cs) in reply to snoofle

    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

  • Sarkie (unregistered)

    Use the Calc contest winner, to work out the answer!!

  • Eric Meyer (unregistered)

    Is my math completely WTF'd, or is that a few thousand eons over 50.5 quadrillion years?

  • (cs)

    For the record, that's about 5.05 E+16 years. For reference purposes, the current age of the universe is estimated at roughly 2.0 E+10 years.

  • (cs)

    Twofer Thursday? That's a WTF.

    / Firefox's spell checker actually recognizes "twofer" as a real word.

  • Leandro (unregistered)

    Wow... so much time!!! The user must be godlike at least...

  • diaphanein (unregistered) in reply to Someone You Know
    Someone You Know:
    For the record, that's about 5.05 E+16 years. For reference purposes, the current age of the universe is estimated at roughly 2.0 E+10 years.

    Not according to the Kansas Board of Education; they say it's only around 10,000 years old.

  • Generic Phil (unregistered)

    For anyone who can't be bothered to check, 18446744073709551541 works out as -75 signed.

  • Tim (unregistered)

    Either eons in the future, or -181 days ...

  • Tim (unregistered) in reply to Generic Phil
    Generic Phil:
    For anyone who can't be bothered to check, 18446744073709551541 works out as -75 signed.

    Ta.

  • (cs) in reply to PsychoCoder
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

  • Da' Man (unregistered)

    The real WTF is that this discount application is probably not "Year 3000 safe"... ;-)

  • Mark B (unregistered) in reply to rilarios
    rilarios:
    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.
    That just encourages you to use a predictable system, i.e. MarkDec06 MarkJan07 MarkFeb07 etc.
  • Da' Man (unregistered) in reply to diaphanein
    diaphanein:
    Not according to the Kansas Board of Education; they say it's only around 10,000 years old.
    They are wrong. Everybody knows that the Universe was created just a few years ago by the Flying Spaghetti Monster!
  • (cs)

    It only says it will expire within B days. If it expired tomorrow, that would be within B days. So they should change the error to "the password will expire in the future".

  • bd (unregistered) in reply to Da' Man
    Da' Man:
    diaphanein:
    Not according to the Kansas Board of Education; they say it's only around 10,000 years old.
    They are wrong. Everybody knows that the Universe was created just a few years ago by the Flying Spaghetti Monster!
    I'm sure it was last Wednesday.
  • Sgt. Preston (unregistered)

    W.t.f. is "New Every Two Pricing"?

  • Brad (unregistered)

    I like how it's "Copyright (C) 1982, 2005, Oracle." as opposed to "Copyright (C) 1982 - 2005, Oracle." As if they coded it in 82 and decided to dust it off in 05 for kicks.

  • Brad (unregistered) in reply to Sgt. Preston
    Sgt. Preston:
    W.t.f. is "New Every Two Pricing"?

    It's a Verizon policy. Every 2 years (when your contract is up) they graciously offer a discount on a new phone (which happens to come with a new 2 year contract!). Isn't that nice of them?

  • Sgt. Preston (unregistered) in reply to Brad
    Brad:
    I like how it's "Copyright (C) 1982, 2005, Oracle." as opposed to "Copyright (C) 1982 - 2005, Oracle." As if they coded it in 82 and decided to dust it off in 05 for kicks.
    And why do people insist on spelling out "Copyright" AND showing the copyright symbol? It's like saying something costs $5.99 dollars or the humidity is at 80% percent.
  • (cs) in reply to Sgt. Preston

    Maybe the word "Copyright" is copyrighted...?

    Mark B! Don't post your passwords on the net! =P

  • Matt (unregistered) in reply to rilarios
    rilarios:
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

    Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

  • (cs) in reply to Matt
    Matt:
    rilarios:
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

    Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

    Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

    You young guys have it easy.

  • Harrow (unregistered) in reply to KattMan
    KattMan:
    Matt:
    rilarios:
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

    Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

    Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

    You young guys have it easy.

    You had passwords? We had to hire a guard with a handgun to stand by the terminal.

    -Harrow.

  • (cs) in reply to Harrow
    Harrow:
    KattMan:
    Matt:
    rilarios:
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

    Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

    Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

    You young guys have it easy.

    You had passwords? We had to hire a guard with a handgun to stand by the terminal.

    -Harrow.

    A handgun?! All we had was harsh language!

  • (cs) in reply to Someone You Know
    Someone You Know:
    Harrow:
    KattMan:
    Matt:
    rilarios:
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

    Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

    Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

    You young guys have it easy.

    You had passwords? We had to hire a guard with a handgun to stand by the terminal.

    -Harrow.

    A handgun?! All we had was harsh language!

    Grog have stick. Grog bash head.

  • Worf (unregistered) in reply to Mark B
    Mark B:
    rilarios:
    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.
    That just encourages you to use a predictable system, i.e. MarkDec06 MarkJan07 MarkFeb07 etc.

    Yeah, I wonder if the guy behind the "must change password every XXX days" policy ever thought about unintended consequences... like the policy resulting in less security due to everyone not being able to actually remember their damn password!

    I've had secure passwords, but when forced to change them, even after 90 days, I use less secure ones but at least I can remember them.

    (I believe studies have shown the average person can remember a password within a couple of weeks, no matter the complexity if they're forced to enter it several times a day. So why not give them some long secure password, have them write it down for a couple of weeks, then let them be?)

  • Botzinger Gulm (unregistered) in reply to Sgt. Preston
    Sgt. Preston:
    Brad:
    I like how it's "Copyright (C) 1982, 2005, Oracle." as opposed to "Copyright (C) 1982 - 2005, Oracle." As if they coded it in 82 and decided to dust it off in 05 for kicks.
    And why do people insist on spelling out "Copyright" AND showing the copyright symbol? It's like saying something costs $5.99 dollars or the humidity is at 80% percent.

    Well, (C) is not a copyright symbol. The sequence '(', 'C', ')' does not really mean anything but capital c in parens. Of course, by international copyright law which is signed by most countries everything people make is implicitly copyrighted. The older version of the law that was signed by a good number of other countries too required either the word 'Copyright' or the copyright symbol. Which is not (C) but that little c-in-a-ring.

    At least so I've been told. Who knows, perhaps they lied.

  • James Steiner (unregistered) in reply to Mark B
    Mark B:
    rilarios:
    ....we can't use any of the last 24 passwords typed before.
    That just encourages you to use a predictable system, i.e. MarkDec06 MarkJan07 MarkFeb07 etc.

    Sadly, the password-overwatcher thingla where I work is too smart for that. Every 90 days it requires a new password with:

    * ...8 or more characters

    * ...at least one non-alphanumeric symbol

    * ...no strings of identical characters 3 or more characters long (banshee!, but not bansheee!)

    * ... no 4 or more character correspondence with any prior 100 passwords (no p@largh!, o#largh@)

    * ...no exact match or 4 or more character correspondence to the user name or description or full name (so, Jon Smith can't use !@#$jon23 and Marcus Welby can't use d4xr!Marc)

    So, you just have to be a little more creative. I am also lazy, and hate having to think about typing my password, and want to be able to type it very quickly.

    So, I use a pattern that generates unique-enough 9-character passwords requiring no tricky shift-work that can be entered in about 1 second, with no errors.

    Even tougher passwords can be generated and still entered quickly and accurately, e.g. 24 character password entered in no more than 4 seconds. The bonus? I only need to remember the first character--the rest flows readily from it.

    So, I choose a shift mode, start key, roll-direction, and row-direction. By roll-direction, I mean, rolling my index-middle-ring fingers across the keys, either left to right, or right-to-left. By "row-direction," I mean either up or down. For example: "shifted, ;, right-to-left, up" produces:

    :LKPOI)(*

    Want tougher passwords? Add more rows, and/or a second pattern (such as, same pattern, shifted one to the left).

    So: no-shift, 8, L-R, down, then to the left and reverse, shifted, you get:

    789uiojklm,.<>?KL:IOP*()

    Again, all I need to remember is the starting key, the rest flows from that.

    Now, I expect that the result-space of this pattern is probably small enough that a system that knows about this specific kind of pattern could crack it pretty quickly, given unlimited retries. But this is a Windows domain password, where 3 bad attempts locks out the account for an hour. So, not a huge worry, I hope.

  • James Steiner (unregistered) in reply to Botzinger Gulm
    Botzinger Gulm:
    Sgt. Preston:
    Brad:
    I like how it's "Copyright (C) 1982, 2005, Oracle." as opposed to "Copyright (C) 1982 - 2005, Oracle." As if they coded it in 82 and decided to dust it off in 05 for kicks.
    And why do people insist on spelling out "Copyright" AND showing the copyright symbol? It's like saying something costs $5.99 dollars or the humidity is at 80% percent.

    Well, (C) is not a copyright symbol. The sequence '(', 'C', ')' does not really mean anything but capital c in parens. Of course, by international copyright law which is signed by most countries everything people make is implicitly copyrighted. The older version of the law that was signed by a good number of other countries too required either the word 'Copyright' or the copyright symbol. Which is not (C) but that little c-in-a-ring.

    At least so I've been told. Who knows, perhaps they lied.

    Yes, please see The Berne Convention.

    "(C)" was/is used as a perfectly adequate substitute for the circled-c: © on systems that did not have the circle-c in their character set.

    I believe the "hey, that's not a 'circled-c,' only 'C-in-parens,' so the work isn't copyrighted!" defense was tried and failed in a copyright infringement suit, but that may be a coder's urban legend.

    To get circle-c: in html:

    ©
    in Windows:
    Alt + Keypad 0 1 6 9
    in osX/Linux/etc:
    I dunno

  • (cs) in reply to Mark B
    Mark B:
    rilarios:
    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.
    That just encourages you to use a predictable system, i.e. MarkDec06 MarkJan07 MarkFeb07 etc.
    Hey! Those are MY passwords! How did you get them?
  • (cs) in reply to Worf
    Worf:
    I've had secure passwords, but when forced to change them, even after 90 days, I use less secure ones but at least I can remember them.

    Yeah, I tend to make secure passwords. Then one system forced me to change every few weeks. As it doesn't have a way to check my past used passwords, I flip back and forth between two: Word1TwoChars and TwoCharsWord1

    Is it secure? In a sense... it follows the guidelines of secure passwords. Does it fit in with what they were expecting? Highly doubt it. But I couldn't be arsed to remember multiple confusing passwords that change every X number of days.

    -- Seejay

  • (cs) in reply to James Steiner
    James Steiner:
    So, I choose a shift mode, start key, roll-direction, and row-direction. By roll-direction, I mean, rolling my index-middle-ring fingers across the keys, either left to right, or right-to-left. By "row-direction," I mean either up or down.

    O_O This is genius! I love the idea. And I think I'm definitely going to keep it in mind if my work passwords start to get more anal retentive to the point that I can't put band names into leet speak without busting a blood vessel trying to get it to correspond with a bunch of mucked up rules!

    -- Seejay

  • Jerry Kindall (unregistered) in reply to James Steiner
    I believe the "hey, that's not a 'circled-c,' only 'C-in-parens,' so the work isn't copyrighted!" defense was tried and failed in a copyright infringement suit, but that may be a coder's urban legend.
    I believe the case you're thinking of involved a c-in-a-hexagon on a video game that used vector graphics, which the court found to be a reasonable approximation given the hardware limitations. Of course, that was back when notices were still required.
  • PeriSoft (unregistered) in reply to Worf
    Worf:
    (I believe studies have shown the average person can remember a password within a couple of weeks, no matter the complexity if they're forced to enter it several times a day. So why not give them some long secure password, have them write it down for a couple of weeks, then let them be?)

    No matter the complexity, eh? Excellent. Forget backups - each of my employees will get a password every two weeks which is equivalent to a UUEncoded tarball of our data. Two birds with one stone!

  • (cs) in reply to Zecc
    Zecc:
    Maybe the word "Copyright" is copyrighted...?

    The longest word in the English language with no repeating characters is: UNCOPYRIGHTABLE !!

  • (cs)

    A requirement of "no 4 character correspondence with any previous 100 passwords" is a real WTF, because it means that the passwords must be stored in PLAINTEXT somewhere on the server.

    Many systems outlaw direct matches with previous passwords, but this can be accomplished by keeping the hash value of the password, not the plaintext, and checking the hash of the new password against the hash of the old one. This only works if you check for exact identicalness, since even one different char between old and new passwords would produce a completely different hash.

  • (cs)

    Hint for all you clueless people about the (C) vs c-in-a-circle debate.

    The presence, or lack thereof, of any particular symbol before a piece of text has NO LEGAL MEANING WHATSOEVER on whether the text is copyrighted.

    If I write something, the copyright belongs to me, period. I can put (C), c-in-a-circle, or nothing at all in front of it, and that does not change the copyright status of the text in question, nor what you are allowed or not allowed to do with that text.

    The symbol is purely informative, designed to warn or scare off people, or accent the fact the text is copyrighted if the user otherwise might not have known that. But again, it does not have legal meaning. Ignorance is no defence in court, so someone can't say "well this text had no (C) symbol so I yanked it".

    In other words, the (C) symbol is like a sign saying "PRIVATE PROPERTY: NO TRESPASSING". It is only there to warn you. Even if the sign wasn't there, you'd still break the law by entering my property.

  • OJ (unregistered) in reply to SamP
    SamP:
    A requirement of "no 4 character correspondence with any previous 100 passwords" is a real WTF, because it means that the passwords must be stored in PLAINTEXT somewhere on the server.
    Not if you store the hash of each 4 character combo
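
An added example, not part of any comment in this thread and not code from the system being discussed: a password-history check that stores only salted PBKDF2 digests, as SamP describes, showing that it catches exact reuse but not the near-miss "MarkFeb07" pattern from Mark B's comment. The `PasswordHistory` class, the work factor and the 95-character printable alphabet are assumptions of this sketch; `ngram_keyspace` gives the number of possible inputs behind each 4-character hash in OJ's suggestion.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _digest(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of one password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Keeps the last `depth` passwords as (salt, digest) pairs, never as plaintext."""

    def __init__(self, depth: int = 24):
        self.depth = depth
        self.entries = []  # list of (salt, digest) tuples, oldest first

    def is_reused(self, candidate: str) -> bool:
        # Each stored entry has its own salt, so the candidate is re-hashed per entry.
        return any(
            hmac.compare_digest(_digest(candidate, salt), digest)
            for salt, digest in self.entries
        )

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, _digest(password, salt)))
        self.entries = self.entries[-self.depth:]  # drop anything older than `depth`


def ngram_keyspace(n: int = 4, alphabet: int = 95) -> int:
    """Number of distinct n-character strings over a printable-ASCII alphabet.

    A table of per-substring hashes has only this many possible inputs per entry,
    so it has to be protected like plaintext rather than like a password hash.
    """
    return alphabet ** n


def build_demo() -> PasswordHistory:
    """Constructed sample: the rotating passwords quoted in the thread."""
    history = PasswordHistory(depth=24)
    for old in ("MarkDec06", "MarkJan07"):
        history.record(old)
    return history


if __name__ == "__main__":
    history = build_demo()
    print("exact reuse caught:", history.is_reused("MarkDec06"))
    print("next in the pattern caught:", history.is_reused("MarkFeb07"))
    print("inputs per 4-character hash:", ngram_keyspace())
```
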
  • (cs) in reply to James Steiner
    James Steiner:
    in osX/Linux/etc:
    I dunno
    opt-g

    (opt-c is taken: lowercase c-cedilla)

  • (cs) in reply to James Steiner
    James Steiner:
    Mark B:
    rilarios:
    ....we can't use any of the last 24 passwords typed before.
    That just encourages you to use a predictable system, i.e. MarkDec06 MarkJan07 MarkFeb07 etc.

    Sadly, the password-overwatcher thingla where I work is too smart for that. Every 90 days it requires a new password with:....

    You work for BOFH and everyone in your company must have full-blown Stockholm syndrome. I'm a network admin with a fair amount of paranoia and you still melted my brain with all that.
  • Jon (unregistered) in reply to ParkinT
    ParkinT:
    The longest word in the English language with no repeating characters is: UNCOPYRIGHTABLE !!
    Dermatoglyphics is equally long. I'll check some word lists for any longer ones.
  • (cs)

    All computer security is managed by people who are too stupid to get a real job. One security professional somewhere, sometime thought it would be a good idea to require passwords to be periodically changed, hopefully more often than the time it would take to brute-force guess it. Since then, about 50 better ways to deal with brute-force attacks have been invented, yet everyone in the world is still forced to change their password at ridiculously small intervals. Why? See first sentence.

  • (cs) in reply to Someone You Know
    Someone You Know:
    Harrow:
    You had passwords? We had to hire a guard with a handgun to stand by the terminal.
    A handgun?! All we had was harsh language!

    You had the Aussie Navy guarding your terminals from Iranians? Cool!

  • (cs)

    18446744073709551541 is 0xFFFFFFFFFFFFFFB5

    Which is (2^64)-75. Which someone already stated, but I thought I'd show how easy it is to use the nonWTF Windows Calculator to work this out. Similar tricks with (2^32)-1 4294967295 (FFFFFFFF), or the more ubiquitous (2^31)-1, 2147483647.

    But I really wanted to comment on the futility of stupid password policies. Our stupid organisation went for super-harsh passwords -- three of the four groups, lower case, upper case, numeric, special, 8 character minimum, none of previous 13 passwords, password cannot be changed until it is 24 hours old (to stop people 'cycling' through a list of passwords), max password age is 30 days NO EXCEPTIONS, and a lockout policy of 3 bad attempts (which is only 1.5 bad attempts if you try your password between Windows domains, and Kerberos gets upset), with a 0 minute lockout (Admin only unlock). The '3 of 4' groups and 8 char minimum was 'too hard' so now it's 6 characters minimum with no strict enforcement of groups, but still with the 3 retries before permanent lockout. STUPIDITY.

    Ex

  • © (unregistered) in reply to excession

    Permanent lockout is actually a good idea. I used to work IT helpdesk and with a 1hr lock period you'd be amazed at the amount of people that would just blow off the hour doing jack shit instead of calling the help desk to get it fixed.

    Stupid American workers with no sense of ethics!

  • Geoff (unregistered) in reply to KattMan
    KattMan:
    Someone You Know:
    Harrow:
    KattMan:
    Matt:
    rilarios:
    PsychoCoder:
    How can I go about getting passwords at work that don't expire for that long? Ya know it's a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

    90 days???? You should be thankful, we must change our passwords every month. And we can't use any of the last 24 passwords typed before.

    Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

    Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

    You young guys have it easy.

    You had passwords? We had to hire a guard with a handgun to stand by the terminal.

    -Harrow.

    A handgun?! All we had was harsh language!

    Grog have stick. Grog bash head.

    /me acts like an angry amoeba.

  • Jon (unregistered) in reply to ©
    ©:
    Permanent lockout is actually a good idea. I used to work IT helpdesk and with a 1hr lock period you'd be amazed at the amount of people that would just blow off the hour doing jack shit instead of calling the help desk to get it fixed.
    An hour is silly; I think it should be a few minutes at most. It's there to make password-guessing infeasible, not to annoy people who mistype their passwords three times (or who get locked out deliberately by pranksters).

Leave a comment on “Just Wait For It ...”
