• Friendly_Reminder (unregistered)

    Of course 64 "fully random chars" is less secure, because there's even less chance for you to remember it. So what do you do? Write it down -> Less secure! Oh, a password safe? Okay, how is this one secured? With the password "123456"? -> Less secure!

    It all makes sense!

  • Joe Torben (unregistered)

    ZeroHedge doesn't have news, so that's a fact, not a WTF.

  • (nodebb)

    No comment on them having a maximum recommended length for a password? No speculation about whether it will even work correctly if you try to use a longer password?

    I am bitterly disappointed with the quality of the commenters here.

  • Robert Morson (google)

    Apparently, Sydney Ferry Service's is also a fan of unnecessary apostrophes.

  • Pjrz (unregistered) in reply to Joe Torben

    Yes it does. I can see it. It's just false.

  • Friendly_Reminder (unregistered) in reply to Pjrz

    So, at least they are admitting to spread FALSE NEWS?

  • Quite (unregistered) in reply to Friendly_Reminder

    exactly what I came here to say

  • Quite (unregistered) in reply to Steve_The_Cynic

    A maximum recommended length makes good sense. The whole idea of a password is to make it so a user can directly access the stuff he/she is authorised to do so. A ridiculously long password is counter to that use case. 64 random characters is appallingly weak, from a higher-level point of view, as pointed out by Friendly Reminder.

  • bobcat (unregistered) in reply to Robert Morson

    The technical term for those is Greengrocers Apostrophe's (yes, with that punctuation).

  • Friendly_Reminder (unregistered) in reply to bobcat

    In Germany we call those "idiots' apostrophe".

  • RobyMcAndrew (unregistered)

    I think Lua Error is Bobby Tables younger brother

  • null null (unregistered) in reply to Steve_The_Cynic

    I am bitterly disappointed with the quality of the commenters here.

    2 comments in? Seriously? What, are you disappointed the first one wasn't a FRIST?

  • (nodebb)

    I think the real email address of Hans in the Apple screenshot should be blurred though.

  • Raj (unregistered) in reply to YellowOnline

    And now we know his Apple ID login and the fact that his password is 32 characters or less. The hacking job is half done!

  • Wolf (unregistered)

    In the Null one, the screen capture shows a CPU, and network usage overlay... What app is that? :)

  • Forestphoenix (unregistered) in reply to Quite

    But, if you have to remember ALL the passwords you tend to re-use them -> less secure. From that perspective password managers might be the better option (if secured properly. At the very least with "1234567" ;-) ).

    And any moron who secures their password manager with 123456 deserves to have their passwords leaked.

  • (nodebb) in reply to Forestphoenix

    any moron who secures their password manager with 123456 deserves to have their passwords leaked

    That’s the same combination I have on my luggage!

  • MiserableOldGit (unregistered) in reply to Friendly_Reminder
    In Germany we call those "idiots' apostrophe".

    And yet I notice it is standard usage up here in the Netherland's. I see no potential friction from this observation ...

  • PenguinF (unregistered)

    Probably means the password is stored as plain text in a CHAR(32) field. Sad.

  • Alan (unregistered)

    TRWTF is a 587 MB touchpad driver.

  • löchlein deluxe (unregistered) in reply to Steve_The_Cynic

    Sorry to burst your bubble, practically all online password management pages will have a maximum length restriction because the web server will have a maximum POST size.

  • (nodebb) in reply to löchlein deluxe

    True but irrelevant. That's an argument for limiting it to some thousands of characters depending on preference – and I don't think even Steve_The_Cynic would really object if they said it was a maximum of, say, 5000 (arbitrary Unicode) characters. 32 is a bit different.

    If the webserver's POST size limit really does make a 64-character password impossible then that is TRWTF.

  • RLB (unregistered) in reply to MiserableOldGit

    Nope, we only use it in some situations. The plural of "situatie" is "situaties", no apostrophe, just as you'd expect. We, too, have the stereotype (or observation...) of greengrocer's selling "appel's", which is just as wrong in Dutch as selling "apple's" is in English. In fact, we use no apostrophe in cases where English would have one. "John's pen" would be "Jans pen" in Dutch. The confusion may have arisen because we do use apostrophes in both plurals and possessives, but only where it would change the pronunciation otherwise. The plural of "oma", with a long /a:/, is "oma's" (as is her possessive), because "omas" would be pronounced with a short /ɑ/, which would be wrong. And yes, there are Dutchmen who get this wrong.

  • Anonymous (unregistered)

    A 64 character password can be less secure if the server-side hash is only computed over the first 32 characters of data sent to the server. If the user stores their password entropy mostly beyond the 32-character mark, none of it gets used by the server.

    This is usually done to prevent users from DDOSing the server by sending very long passwords, which can use up CPU time when the hash function used is (as recommended) expensive on cpu time.

  • Rednimer Yldneirf (unregistered) in reply to Friendly_Reminder

    The password of your local password manager has to protect against attackers having gained access to your computer or the password database.

    The password of the online service in question has to protect against everyone.

    So it makes sense using a passphrase you can remember for you password manager, which then allows you to use ridiculously strong passwords everywhere else.

    Not talking about online password managers, obviously only a moron would use one of these.

  • MiserableOldGit (unregistered) in reply to RLB

    Thanks for correcting me, maybe it's just that I see it everywhere and assumed it to be correct usage. You don't often see the mistake in printed form in the UK as (theoretically) someone would proof read it and point it out.

    I see it mostly when shopping or looking at menus (menu's), so maybe it's just that there are frequently foreign words that would produce pronunciation problems without sticking the apostrophe in there (pantosti's?) Looks especially odd to me when the English is side by side with the Dutch, and it's the exact same word but with a grocer's (so shoot me ... ) apostrophe bunged in there!

    Guess I'll need to figure this out if I'm ever going to inburger ...

  • (nodebb)

    "Correct Horse Battery Staple" is fewer than 32 characters, so you can use that instead.

  • doubting_poster (unregistered) in reply to urkerab

    except that it'll force you to use a number. and a non-alphanumeric character if you're really lucky. Password rules are so stupid.

  • (nodebb) in reply to doubting_poster

    I take your point about digits, although last time I looked spaces weren't alphanumeric. How about "Fewer than 32 characters"?

  • (nodebb) in reply to doubting_poster

    <quote>Password rules are so stupid.</quote>

    Bill Burr, the guy who made them up, agrees. Check out https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118

Leave a comment on “A Test-imonial”

Log In or post as a guest

Replying to comment #484350:

« Return to Article