Reply to post: He has a point, but also contradicts himself

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Anonymous Coward

He has a point, but also contradicts himself

For starters: security doesn't begin with a long and secure password, the real security comes from a sane mindset. For example: how secure will your 10 character, alpha-numerical password become when the user applies this everywhere? And wake up call for Mr. Atwood: most users do not think beyond the annoyance of having to fill out a password. As such there's nothing bullshit about trying to steer them in the right direction.

Then there's a huge difference between passwords on a public network (such as the Internet) or those on a local LAN/WAN. Risk assessment at its finest: when the password becomes too difficult for an end user you can bet he'll write it down somewhere. Most probably on a sticky note attached to the monitor. At work you can't use the comforts of a password manager.

At least these "bullshit rules" still prevent John Doe from using "password01", "password02" and the infamous "password03" as his 10 length password.

His rant is based on interesting theories, but there's still a difference between those and the real world.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020