I stopped reading there. This is such a load of crock. I mean, it's obvious this is a joke because it's just one static password, but seriously - people need to stop pushing this meme that more character sets gives more security.
Using VERY crude math you could say "Well there are 26 letters, so a 10-digit pure letter password has 26^10 possibilities but a 10-digit alphanumeric password has 36^10 possibilities, which is more!" but this assume that ALL 10 digits are random. This means that the odds of your password being "x8dh3kz7ln" are the same as the odds of your password being "aaaaaaaaaa". Because most people would say "aaaaaaaaaa" is insecure, they'd strip this from the list of "possible passwords", meaning there's now only 36^10-1 possibilities. You can see how this can be continued ad nauseum.
Here's the real kicker, though. People don't use RANDOM passwords. If you needed a 10-digit alphanumeric password you'd probably pick something like "jessica345". In this case your password template is "7 letters followed by 3 numbers", which gives (26^7)(10^3) possibilities (WAAAAAY less than 36^10). Worse yet, your password template might be "1 name followed by N numbers, where N is 10 minus the length of the name". Now the number of possible passwords AT MOST: X * (10^9), where X is the number of possible names (which is SIGNIFICANTLY lower than 26^7 and probably even lower than 26^4)
WORSE YET, when people DO use a random password, they can't remember it. So they write it down. On a post-it note. On their wall. Near their computer. All your security is now worth NOTHING.
This problem is only compounded when you add in symbols and crap that NO ONE can remember, because you can't pronounce them!
But you know what makes for a REALLY secure password? Length. Because 26^100 is way way way way way way WAY bigger than 100^26
In fact, if the length is sufficient, you don't even need a "random" password. A secure password could be something like "I like to walk my dog in circles on Wednesdays". No one will ever guess this, and a computer will never brute force it. But you know what the FREAKING problem is with this password?
"Your password is too long. Please enter a password less than 16 characters"
"Your password doesn't contain a number, a symbol, and a unicode character"
"Your password contains illegal characters, because we don't know how to cleanse database inputs and we store your password in plain text so please don't use any of the following: !@#$%^&*()-=_+[]{}|'";:/?.>,<"
I'm absolutely SICK of sites FORCING me to make crappy passwords.
8 comments
0 u/Fambida 15 Sep 2018 21:02
Is that supposed to be a joke site?
0 u/AllahuAkbarSH [OP] 15 Sep 2018 21:08
I don't know, yhe only thing we can be sure is if that was the safest pass, it's no longer
0 u/GinTrain 15 Sep 2018 21:19
I only use this for my banking sites... wait... shit, no I don't.
0 u/sadvulcan 15 Sep 2018 22:37
H4!b5at+kWls-8yh4Guq is what I got everyone else get the same?
0 u/Srazash 26 Sep 2018 11:31
Same, a friend also got the same... I guess it's just "the" most secure password, or was until they publicly shared it :P
0 u/hyperesthesia 22 Sep 2018 04:08
Features
I stopped reading there. This is such a load of crock. I mean, it's obvious this is a joke because it's just one static password, but seriously - people need to stop pushing this meme that more character sets gives more security.
Using VERY crude math you could say "Well there are 26 letters, so a 10-digit pure letter password has 26^10 possibilities but a 10-digit alphanumeric password has 36^10 possibilities, which is more!" but this assume that ALL 10 digits are random. This means that the odds of your password being "x8dh3kz7ln" are the same as the odds of your password being "aaaaaaaaaa". Because most people would say "aaaaaaaaaa" is insecure, they'd strip this from the list of "possible passwords", meaning there's now only 36^10-1 possibilities. You can see how this can be continued ad nauseum.
Here's the real kicker, though. People don't use RANDOM passwords. If you needed a 10-digit alphanumeric password you'd probably pick something like "jessica345". In this case your password template is "7 letters followed by 3 numbers", which gives (26^7)(10^3) possibilities (WAAAAAY less than 36^10). Worse yet, your password template might be "1 name followed by N numbers, where N is 10 minus the length of the name". Now the number of possible passwords AT MOST: X * (10^9), where X is the number of possible names (which is SIGNIFICANTLY lower than 26^7 and probably even lower than 26^4)
WORSE YET, when people DO use a random password, they can't remember it. So they write it down. On a post-it note. On their wall. Near their computer. All your security is now worth NOTHING.
This problem is only compounded when you add in symbols and crap that NO ONE can remember, because you can't pronounce them!
But you know what makes for a REALLY secure password? Length. Because 26^100 is way way way way way way WAY bigger than 100^26
In fact, if the length is sufficient, you don't even need a "random" password. A secure password could be something like "I like to walk my dog in circles on Wednesdays". No one will ever guess this, and a computer will never brute force it. But you know what the FREAKING problem is with this password?
I'm absolutely SICK of sites FORCING me to make crappy passwords.
0 u/AllahuAkbarSH [OP] 22 Sep 2018 05:53
Ok... take it easy, we love you... now go to sleep... easy... easy
0 u/IsaacJan 16 Oct 2018 15:59
Dude makes a fascinating point, fuck off.