File: length_beats_complexity.gif (280 KB, 734x362)

280 KB GIF

>>102410469
The problem is those retards get jobs at companies who have all your data. If they get hacked, so do you.

>>102410469
>your doctor is retarded with his password
>your medical information is now public
who le cares? let normalfags make retarded mistakes! it doesn't affect me! LOLOLOL

>>102410469
The problem arises when these retards have access to important data while simultaneously having a password vulnerable to a dictionary attack.

We can reach a happy medium. Force things to be too complex and Susie is just going to write her password on a sticky and put it at her desk for everyone to see.

>>102410532
But anon they got nothing to hide! Just like every other retard in history suddenly finding themselves in front of a mass grave.

>>102410469
>What caused this?
computers becoming fast enough to trivially brute force password "1234"

File: 1hurr.jpg (112 KB, 300x300)

112 KB JPG

>>102410469
>>2024
>>SAAR YOUR PASSWORD MUST HAVE A MINIMUM OF 12 CHARACTERS, ONE UPPERCASE LETTER AND ONE SPECIAL CHARACTERS, NO MORE THAN 3 REPEATED CHARACTERS ARE TO BE ALLOWED
That's nothing if you generate passwords randomly and store them in a password manager.

No, the worst is the FUCKING need to validate every single login with an e-mail, an SMS, a F2A, and sometimes two or three or those at the same time.

They needed a way to blame the user so they said that your password must have been easy to guess" as if someone is really sitting around brainstorming what they think you would choose. In reality they were just giving your password to anyone that calls and asks for it or knows a little SQL.

Most password requirements just force the user to choose worse passwords. dntvjvoctnugfwfurcjk is a better password than P@ssw0rd, but guess which one ticks more stupid security boxes?

doesnt everyone just use generate strong password now

File: 1698072809523255.png (22 KB, 380x446)

22 KB PNG

>>102410469
>you VILL type your username before we show you the password textbox
I would like to rape the entire family tree out of existence of whoeever invented this

>>102410469
use strong password on website no password on firefox or chrome saved passwords function

>>102410469
Use keepassXC like a normal person

Password length and character variation makes it harder to crack. But if the upper-level people are incompetent, it doesn't really matter.

>>102410710
I HATE this shit.
Why do they do this?

File: artworks-000128437417-n8r(...).jpg (29 KB, 500x500)

29 KB JPG

>don't require 2FA on this device
>log in 8 hours later
>please enter the six digit code we texted to...

>>102410469

yi><N+]ev\SapYr5Ej2_q[LuQqttZx!m%/iDfme'*rD#eqo;ZbJAJ}=\$R-H7-WU!r\vE@?(3.g@xtguK):#ExFRKbSV"M:^Zg!H*%$/9AX~'JuwhNKiRU}e[Unz:$4@

all your passwords should be something like this anyway

>>102410858
What are you protecting? Nuclear launch codes? 10 billion dollars?

No one's trying that hard to hack you

>>102410921
none of your business. i click a button it makes a password

File: 1725188218975588.jpg (241 KB, 1200x1600)

241 KB JPG

>Log in to website with remember me checked
>Visit website less than 5 minutes later
>Presented with a log in prompt
Thank you ZeroTier, very cool.

The problem are retards using the same passwords for each website they visit, from xvideos or some who-website to their bank account.

>>102410858
>125 character
The current most common hashing algorithm for passwords is bcrypt and it maxes out at 72 characters.
Everything above it is useless and gets truncated.

>>102410941
i click a button and hide your post

>>102410469
you forgot to mention that there are special characters you cannot use, but they don't specify which
>>102410532
this does not hold because literally every website forces such validation and 2fa, despite me not caring about the account at all, and it not having any important information

File: 1726493175868.jpg (65 KB, 680x322)

65 KB JPG

>>102410530
>>102410532
>>102410533
>b-b-but they have access to important data goy
Then explain why I am forced to setup a 2FA on my throwaway github account which is not linked to any companies and just hosts my garbage solo projects? I JUST WANT TO FUCKING LOGIN NOT LINK MY FUCKING DNA TO MY GITHUB ACCOUNT DUMB SHITS

>>102411136
SAR I UNDERSTAND SAR HOWEVER THE ENTERPRISE REQUIRES THE CUSTOMER TO INSERT A VALID PASSWORD SAR LUCKILY WE HAVE THIS SOFTWARE PACKAGE SAR THAT WILL GENERATE (((RANDOM))) PASSWORDS FOR YOU SAR

>>102411136
>you should have difficult password
>you should have 2FA via SMS
>you should have 2FA via email
>you should have 2FA via authentication app on your smartphone

>login with email
>please enter the code from your app/sms
>login with phone number
>please enter the code form your mail
>want to restore the password?
>please go through all circles of authentication hell

File: 1697593627865452.png (1.25 MB, 1200x675)

1.25 MB PNG

>>102410921
>nothing ever happens
>n-no ones spying on y-you
>y-you're j-just not that important o-okay?
>S-STOP ASKING Q-QUESTIONS!
Can you fucking niggers at least try to pretend you're not all running down the same talking points?

File: 1683310613789669.jpg (27 KB, 480x365)

27 KB JPG

>>102410858
>No control characters
>No emojis
>No unicode confusables
Enjoy getting hacked

>>102410469
Believe it or not but there are people who have important data to protect in general. Even something like a compromised facebook account can get you in trouble since someone can try scamming your friends and family members under your name. Thats why companies want people to use better passwords and 2fa. While requiring a password with big charset is maybe not the best way to go, then its better than allowing something like 1234 with no 2fa. Most of you fail to realise that because you are NEETs with no responsibilities in life.

File: 1356915761687.jpg (234 KB, 569x571)

234 KB JPG

>>102410845
this...i hate 2FA so goddamn much

>>102410469
Because compromised user accounts is a risk to your service you retard. Not only is it a drain on support resources but a hacked account can do harm like spam penis enlargement ads.

File: 1718736537081012.gif (1022 KB, 264x320)

1022 KB GIF

>you must log in to download this file
>please enable javascript and allow cookies to continue
>that username is taken
>your password must contain 8 characters, an uppercase letter, lowercase letter, a number, a symbol and must not contain your username or email
>your email provider has been blocked by the administrator
>you failed the captcha please try again
>your ip has been banned for too many failed attempts

>>102410469
>forgotten passoword?
What the fuck site is this?

>>102410469
People are unbelievably stupid. Part of my job is tech support and the number of people who just tell me, completely unprompted, their username and password is staggering. And then people wonder why scams are so pervasive. So password requirements are at least something. If nothing else, they help protect the companies from the liability of these retards getting scammed.

>>102410921
kys retard

File: hq720.jpg (38 KB, 686x386)

38 KB JPG

Just use one of these two and you will never have to worry again.

>>102411463
>inb4 ranjeesh_enterprise_super_html_form_validator.php.js silently fails to process these characters ("these characters are not in the scope for mvp, ranjeesh. cheers. - tim, the product owner" ) and reports that your account doesn't exist on login

>>102410469
it costs money to hire more jeets to field the support tickets to address the ' my 1234 account with password 1234 got HACKED'. So the end user is basically supplimenting the support budget by being forced to do extra work (remember absurd passwords).

your life is constantly being inconvienced so others can have it easier. never forget that.

File: DfX6RMHq_400x400.jpg (25 KB, 400x400)

25 KB JPG

>>102410845
>>102411485
>"Hey! Why don't you, uh, pull out your cellphone - and give us that code we sent?"
>"We'll make sure to do it again on your next login attempt. And for your convenience, we've also sent you an email saying that you just logged in using 2FA."

>>102410621
You'd be surprised how uncommon this is for non-techy people. My parents still store their passwords in a printed Excel spreadsheet with dogshit passwords that use the same base. Something along the lines of "L@stN@me!Facebook". I've tried explaining that anyone with two brain cells will be able to access all of their accounts if a single one of their passwords are leaked but they just can't grok it.

>>102410621
Depends on the generation. Recently had someone in their mid thirties have to be instructed on how to find the secure password generated for them in the iOS keychain to log into Instagram on their desktop, other times older people won't use the auto generate feature and type in their own password like >>102412549

>>102411286
Hold on, I need to update the CIA’s entry on you with all that dick girl hentai you watched yesterday. Stupid schizo.

>open keepassXC
> click dice
> copy paste password to correct field
I don't even know what any of my passwords look like

>>102410469
T-Mobile is the fucking worst about this.
>YOU MUST USE A SPECIAL CHARACTER
>NOOOOO! NOT *THAT* SPECIAL CHARACTER!
>YOU USED THIS PASSWORD ALREADY 5 YEARS AGO, TRY AGAIN
>WE CHANGED OUR MINDS AND NOW IT NEEDS TO BE LONGER, MAKE A NEW PASSWORD AGAIN
>NO, YOU STILL CAN'T USE THAT SPECIAL CHARACTER

>>102412549
This is actually based but I have no idea why they would store such an easy to remember password digitally. Thing is, the most likely way for their password to leak is through the excel file, in which case it couldn't even matter if every password was completely random. Next most likely way is a website they have an account at being hacked, which isn't a big deal. Usually the passwords would be hashed and salted in which case the attacker won't have access to the plaintext. Even if the passwords were stored in plaintext, someone would have to manually go through the entire list of passwords to find one that looks like a pattern, try the pattern somewhere else, and hope they used the same username. There's no way to automate that right now so it's unlikely anyone would actually try it.

File: 1724402578519053.jpg (23 KB, 352x357)

23 KB JPG

The funny thing is you give them a phone number they let you in with no obstacles, they basically would give your account to just about anyone willing to give them a phone number, why is that?

>>102412603
make sure you also update the entry with all the futanari hentai i watched today, faggot

File: 1717231785065018.png (345 KB, 620x640)

345 KB PNG

>>102413275
Aren't dickgirls and futanari the same thing?

File: 45.jpg (62 KB, 595x864)

62 KB JPG

>>102410469
>2009
>have 24 character password with numbers and symbols
>system says password cannot contain any "special" characters

>>102413303
what's wrong agent, did they not cover this topic during your training?

File: 1702075098045016.jpg (45 KB, 750x761)

45 KB JPG

>>102410469
>Your password is too long!
why the FUCK does this matter? are they not hashing it?

>>102410710
ditto

why do they just assume i have a phone? why can't i use half of the fucking internet without a god damn phone?

File: 1571943932764.png (66 KB, 194x259)

66 KB PNG

To this day i have a 300 dollar purchase lined up on ebay i cant buy because i refucking fuse to 2fa to buy shit. Kill yourselves phone niggers

>>102412889
>There's no way to automate that right now so it's unlikely anyone would actually try it.

EXTREME PRO HACKING TOOLS FOR PROS ONLY:

search

:/\cfacebook\|gmail\|google\|amazon\|hotmail\|twitter\|xcom\|instagram

filter lines

:v/\cfacebook\|gmail\|google\|amazon\|hotmail\|twitter\|xcom\|instagram/d

>>102410469
Just use a password manager like keepassXC or bitwarden brainlet tech illiterate retard KYS

>>102415233
HOW DO YOU AUTOMATE FINDING PATTERN-BASED PASSWORDS?

Retard.

>>102410532
>your medical information is now public
why do people give a shit about this

>>102411136
You will provide the personal identification.
You will generate the data footprint.
You will subscribe to the agreement.
And you will be happy.

>>102411136
Use TOTP based TFA, not mobile phone 2fa retard
>but this website asks for it
stop using it

>>102415339
>TOTP based TFA
2fa

>>102410469
I'm surprised we aren't already at the point of having to us bio-metric locks for accounts.
>99% of phone use some sort of facial 3D scan or fingerprint reader
>only use PINs or passwords when those aren't working
Even if you think about 2FA, it still involves you getting a text, call, or email to your phone that you then have to unlock via bio scan anyways. I know it's possible to buy a dedicated finger printer reader for windows, even for a desktop to use as log in, but across multiple sites it's not possible yet. Is this because each site would have to keep a database of their clients bio-records? Is there no one system for all companies to query with this information already? Or are we still pretending the government didn't tap Android/iPhone's databases of people's 3D facial mapping scans and finger prints.

>>102415358
And then what would stop me from buying a bag of russian bodyparts and IDs from some deranged ukrainian quartermaster and using them for burner accounts?
Existing systems are more tightly tied to your legal identity already. You ARE your financial activity.

>>102410558
I prefer having the same password everywhere if there's also a 2FA that I can enable

the password doesn't matter if you have a second step

>>102410530
>>102410533
>>102411492
This would make sense if many services that require strong passwords didn't also have mandatory 2FA that makes strong passwords pointless. Especially since if the cracker/attacker has access to your 2FA device they often can just use it to reset the password.

>>102410469
i dont even mind password requirements
its the fucking
>PLEASE ENTER RECOVERY EMAIL
>PLEASE ENTER RECOVERY PHONE NUMBER
>PLEASE ADD 2FA
>PLEASE USE A UBIKEY
>UMM YOU TYPED IN A REALLY STRONG PASSWORD BUT HOW DO I REALLY KNOW ITS YOU??? I THINK ILL JUST SEND 1228939526845628346 VERIFICATION CODES TO ALL YOUR CONTACT METHODS

>>102410469
>SSAAARR YOUR PASSWORDS MUST NOT BE SIMILAR TO THE PREVIOUS 8 PASSWORDS
suck my FUCKING nuts you absolute NIGGER

>>102415306
insurance boosting your prices, dumbass

>>102415993
you like having to movie your ass over to find your phone ?

>>102412603
>schizo
Who asked you, a voices in your head?

>>102410828
because they're white.

>>102412603
>Stupid
You treat official narrative like word of god, you have zero rights to call anybody stupid.

>>102410469
password policy from the 90's
your best password is a memorable phrase of six or more words, even better if you mix languages.

>>102411136
>Not wanting to link your RiboNucleaicAcids with your GitHub
NGMI, lass.

>>102411773
Why not both?

just remember Anons that just because a password is long enough to not be easily brute forced, it can still be dictionary attacked!

Nice try, Dmitri, but I won't make it easier for you to fuck my customers over.

>>102415358
We should be using 3FA.
>Username+Password
>Yubikey or authenticator app
>Biometrics

>>102410469
123456789123

>>102416019
For their safety it's still better that their password is not reused. It's like forcing people to washing their hands after they take a shit.

>>102411474
And that's not my problem. If normies have important reputations to protect they should set strong passwords themselves. They're very smart individuals after all.

Isn't the obvious solution to have something like a password protected key file on your device that is used to login to everything. It would be like having a password manager but not retarded. It's like the difference between cryptocurrency and credit cards, proving you're authenticated rather than sending them all the authentication and hoping it doesn't get stolen or misused .

>>102410469
JUST STOP USING PASSWORDS!
Send me an email with a link. It's preferable than remembering MILLION passwords for everything and more secure.

>>102417712
Burger-san...

>>102420398
we should be using dickFA. you insert your PENIS into a dickreader, facing the dickholder (you are the dickholder). it then scans your PENIS to confirm your identity. it can be paired with a vibrating buttplug that will stimulate your PROSTATE to give you a BONER so your measurements are properly taken

>>102410469
I have accounts from 20 years ago with single (common English) word passwords, no caps, no numbers or special characters, that remain unhacked.

>>102410469
this is a bait thread but for those of you who are complaining about this the website is protecting you from yourself

In 2008 my friend and I coincidentally had the exact same password "allah123".

File: 1726565409225.png (309 KB, 970x600)

309 KB PNG

>>102411492
What's wrong with penis enlargement ads??? What are (((they))) hiding from us????

Password complexity requirements are generally because companies don't want to be liable for the half dozen idiots who use 'password1' as their password on every site. Modern attacks basically take big lists of email addresses from breaches or other sources, and try a couple weak passwords on all of them to get some hits, and then the company looks bad.

>>102415993
Passwords turn up in breaches now and then and get added to wordlists. Along with your username of course. Best not to reuse.

>>102418871
Dictionary attacks still have a vast number of combinations to churn through and unless you're attacking a password hash itself, even two common words stapled together will be strong enough. Unless you can find a website you use that doesn't have a password lockout. It's not so much about making it unfindable but making it unfindable within 5-10 attempts. Use two uncommon words and it's over.
The gold standard is to use a mixture of vowel-likes and uncommon words. teqqerbrutevanquish is a set of words that is basically uncrackable. Throw a symbol and digit in there and it's a good master password for the password manager you use.

>>102410469
i've noticed this agenda on /g/
>you should stop using software from big companies with strong security features, they are spying on you
>you should stop using anti viruses and anti cheats they are not necessary and are spying on you
>you should stop using complicated password they are stupid and you are wasting your time writing them out
peculiar, i wonder if this OP comes from iran/russia/china

>>102423132
Easier explained by 2fa just being a pain to use. I don't really like it. Not everything needs 2fa, but its primary defense is in the case you're phished or there's a breach. And it's important to not think you'll never be phished, since it's not a matter of you at peak form vs a phisher, it's a matter of you waiting for a parcel that's fucking late from UPS, then getting a UPS-themed phishing email about a late parcel and being asked to sign in to view the details, and it's 2 fucking am and the parcel is important to you. Some phishing is good, some is hilariously well timed.
Phishers only need to get you once, you need to win every time.

>>102423153
It's just a matter of adding layers of defense. Mobile 2FA is still by far the best method we currently have that balances out convenience and security. And even if you don't use 2FA and the service you are using allows bruteforcing, then it's very important to use different and complex passwords, it takes like minutes to crack a simple short password now

>>102423175
>it takes like minutes to crack a simple short password now
If you're attacking the hash. That doesn't happen outside of database breaches (where half the time they don't even store them hashed anyway) and internal networks. Personally I'd like to see more support for 'thing you have' 2fa like a security token, or even using the TPM in your device.
Just plug in your token into your computer and tap it to provide the second factor.

File: 1726566833718.png (135 KB, 667x720)

135 KB PNG

>>102423132
>you should stop using software from big companies with strong security features, they are spying on you
This is true. Plus, there is no guarantee that they're more security than Libre offerings.
>you should stop using anti viruses
There is no good Antivirus for GNU/Linux, Android, MacOS, etc. On Windows use whatever the fuck you prefer, but studies have shown that Windows Defender is one of the best antivirus right now. Just disable all online scanning bullshit since it doesn't work.

On any OS you should ALWAYS have a properly configured firewall.
>and anti cheats they are not necessary and are spying on you
Anticheat software is a liability. Especially bullshit like Vanguard.
>you should stop using complicated password they are stupid and you are wasting your time writing them out
Because they are useless. Most websites won't allow attackers to try 500 password combinations before kicking them out so this bullshit "it takes 2.8 billion years to guess this password" is pointless.

It's especially pointless since the important websites (banks, GitHub, etc.) Force 2FA which makes password complexity a moot point.

Hackers nowadays rely on data breaches rather than dictionary/brute force attacks.

My absolute favourite phising attempt on me I've seen so far is one that was like "What the <company> breach can mean for you", and it prompted me to follow a link to login to 'secure my account' after the breach, hinting that there was an imminent risk to my account. Of course timed so that news of the breach came after official sources said it.

>>102423209
not reading allat, tranime picture also iran/china/russia-coded ahh response
>>102423198
I don't see how TPM would be good for security, it just makes anyone with physical access get into it immediatly. The reason why phones are good is because nobody can access them if they are properly set up with a complex password, encryption and a esim and you have the screen shut down and lock every 10 seconds after not using it. That way the only way anyone can get access to your juicy data is by kidnapping you physically and torturing you until they get in. This is the same reason why microsoft accounts on windows are so important, because with a complex password and disk encryption they are practically unhackable without once again torturing you or having access to government tier resources, while a local account can be bypassed by a fucking program from the 90s

>>102423247
Physical access is usually the game-over screen for all information security regardless. Anyway the TPM can store encrypted key material for you so it can only release the keys for your 2fa after the OS has given it the correct decryption material. Which can be protected with full disk encryption of course. (So long as you aren't using the TPM to decrypt...)

>>102423274
Not really, if someone stole my mobile phone now they literally can't do anything with it as long as they haven't kidnapped me as well. While I can just get my phone number ported over onto a new device and have access to all my files again. 2FA is perfection, it's a bit inconvenient to have to have internet access to access your shit and have to type in codes or use your fingerprint, but it just werks in terms of security. It solved everything as long as you are careful enough. At that point only issue is human errors by falling for phishing attempts, but even that threat level can be significantly lowered by anti viruses, adblocks, sandboxing and education/awareness on how things work.

TPM is very important and I'm glad that W11 finally started using it to make sure at least boot keys are safe. But I don't think it can be a full blown replacement for 2fa, I don't see how it covers the same threats.

>>102410469
All I want is for the restrictions to also be listed on the login page.

>>102423310
2fa simply means two factors of authentication. The TPM is classed as 'something you have' and can function as a facilitator for that alternate thing because the one in your device is unique. Sure it can be stolen but so can yubikeys. Password being the "Something you know" factor.
MFA codes generated from a seed, (IE the 6 digit things generated by authenticators) are 'something you have' in that you have a unique seed that can generate codes. You use an app to see the latest one. Same with email and SMS, you 'have' access to the email or phone number. Biometrics are also 'something you have' but they suck because you can't change them, which is a critical part of securing accounts. Someone steals your finger and your biometric auth is just compromised forever. (Or produces a dummy finger from a mould or picture or something)

>>102423351
That's just an unrealistic security threat model though. The only way that enters debate is if you are someone like Osama Bin Laden and have literal CIAniggers going after you. The average person is just worried about pajeet from india trying to scam them and get into their machine, or tyrone from downtown stealing their laptop and phone.

>>102423368
Yeah which makes a TPM just fine since mr rajesh from india isn't gonna yoink your laptop from you

>>102423379
Doesn't solve anything about tyrone, while mobile 2FA solves both rajesh and tyrone. But I don't think phishing can ever be fully beaten, the only way you'd defeat it is by literally taking away control from the user, making it like a limited bank account where you have to call the bank and explain why you want to let something go through and in a sane bank they'd tell you you are most likely getting scammed. But that's just not convenient, user wants control.

>>102411115
>you forgot to mention that there are special characters you cannot use, but they don't specify which
Database incompatibility.
Otherwise you can just use emojis, ain't nobody hacking that shit even if you just use 4 of them in a row. The character set is too large to brute force it.

>>102423404
Doesn't matter if it doesn't solve tyrone, I'm just stating the definition of 2FA and how the TPM can be used under that definition.

>>102417728
You are unironically retarded.

>>102410621
>>102410784
>>102410858
>>102411773
>>102412701
>>102415252
>>102415339
>>102415347
Why is everyone ITT ignoring these solutions?

>>102423430
2FA assumes that there's manual real time verification, no? It's the main reason why pro-security people suggest disabling cookies and history on apps. TPMs as currently widely used and implemented don't have that factor from my knowledge. Could you give me some real life examples of what you are talking about?

>>102423105
he means that 2FA is essentially a second password and that it doesn't matter if the password is compromised
you should read more carefully

Pretty sure that the EU is playing a role in it
And its also bad PR if people get hacked easily so getting people to make a script kid safe password is good

>>102410469
>>SAAR
added this zoomerslop word to the filter

>>102410469
>What caused this? If people are retarded with the passwords they choose let them be retarded
Because people are retarded and don't want responsibility
All you need are two buttons after installing a software
>"i am a midwit and i don't care about anything, just do everything for me"
>"I with to b customize everything myself, don't bother me"

>>102423710
You can spoof someone’s cellphone number to get around 2FA

File: 1722789861040774.png (211 KB, 440x583)

211 KB PNG

>>102412505
>forgot password, reset password, 2fa prompt
>mailbox full
>phone memory full
>secondary gmail account receiving duplicates of everything
>tfw everything is chaos

File: 1700963249409545.png (128 KB, 286x234)

128 KB PNG

>>102424466
>mash keyboard in frustration to meet minimum 48 character, 10 sigils and excorcism proof requirement
>copy-paste into "confirm" field
>sigh
>write down password on post-it incorrectly because I forgot some symbol
>the process repeats in a day or two

File: 1725545048149108.jpg (6 KB, 168x300)

6 KB JPG

>>102424490
>Sorry you can't use a password you have used in the past 2000 years.
IT JUST KEEPS HAPPENING

>>102410858
Good luck getting back into your porn hub account when lose your password I guess? baka

File: kek.gif (925 KB, 200x200)

925 KB GIF

>>102424466
>>102424490
>>102424498

>>102410469
Just use a password manager. For me, it's Master Key for the GNOME desktop environment.