
What, precisely, is bad about that list?

There's a problem that people, when faced with a dialogue box asking them for a password, will be unable to think of a strong password, but that's solved by giving them some form of auto generation.

Writing passwords down is not a security problem, if the slip of paper is kept safely.



Because when it comes to changing passwords, it would take me about 45 minutes to come up with a new password that met the rules and had a reasonable chance of me remembering it. I took to writing them down as I was trying to come up with something, and keeping the paper handy for a few days because I'd frequently forget the passwords by lunchtime and lock myself out of the system.

One thing to remember about these rules is that there are some other ones not publicized. All you know when it refuses to take your password is that it says "password doesn't match" instead of "password doesn't meet the rules." I got some different error message when I tried using Russian obscenities, but I forget that error message.


The linked article addresses what, precisely, is bad about that list on a point-by-point basis. It's good reading!

Most web browsers now have built-in password managers. Here's to hoping that loop is soon closed with password generation!


That's what LastPass or 1Password or KeePass is for.


None of them come with the browser.


The link I provided gave some pretty good reasons, I thought.


If nothing else, the list itself is long and intimidating.



