Who says dumb passwords aren't secure
Hum... I was recently watching an old "modern" beeb Sherlock Holmes esipod in which our Sherly was trying to guess the 4 digit password of The Woman. He had three tries. While he was trying, which took most of the esipod (seriously) I kept on shouting "1234". Well, think about it; if you have three tries and you know that the crimorist is really intelligent (or so) would you try a dumb password? After all, there's also "1111" and "9999" and you don't want to try the last one only to be told, over the exploding phone, that it was "0000".
Works for me, I'm out there on the innernet databases of people with really dumb password (sic). Not on a site I care about of course (I think the one in question was Forbes) but the fact that I actually use randomly generated 63 ASCII character strings on those sites which allow it (I use LastPass) doesn't mean that if I am faced with a UI which requires a 4 character pisswod (even if it includes capital letters, as in the beeb esipod in question) I have any chance of security. 4^36 anyone? Oh, only three tries...
But yes; the problem is not the user (me), it's the idiot software engineer savants who should know better. (Honest, me? Write software? What, NO!, you must be thinking of some other John Bowler with the eponymous password.)
John Bowler
Biting the hand that feeds IT
