this post was submitted on 07 Jun 2023
523 points (98.0% liked)

Asklemmy


I'm joining in on the reddit ditching thing, and was kinda worried at first that I wouldn't be able to like use it the way I did reddit as it feels like a whole new place, but after engaging with posts and people and actually being a part of lemmy rather than being in lurk mode all the time I was pleasantly surprised with how easy it is to become a member of the community. There's a reasonable amount of subs (or whatever the other word for em is) that fit my interests, enough linux content and shitposting for my liking, and the overall random posts made by people equally fed up with Leddit. (Also I admit I used reddit a little cus there was this post on the fedora sub showing how to fix a sound issue I've been having after a recent update.)

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

> Requiring a 10 character password with additional character conditions is going to turn a lot of possible new users OFF. It should be 6 characters, with no conditions.

I gather that is not your case, and I see what you mean if I think about my parents for instance, but objectively I can only think that a 6-character password with no restrictions (e.g. 123456) might have been "okay-ish", and yet still the object of jokes, 20 years ago, but now it absolutely shouldn't be passed off as a norm anywhere close to "adequate". Users need to be correctly educated on their own security awareness in general, but also especially here, because it is very likely that the instance where the user account is registered will not have any paid customer service around to solve their users' issues with account security breaches caused by their weak passwords.

So regarding passwords, for the casual as for the expert user, once and for all, the xkcd comic strip on passwords:
https://xkcd.com/936/

and here are a couple of handy online and downloadable generators inspired by that comic strip:
https://xkpasswd.ethanify.me/
https://xkpasswd.net/s/

But also learn to use password managers! They often come with their own handy password generators, btw. The gist of it is that you need to remember only one password for the manager, and in turn it is going to remember and service for you your credentials for all your accounts.

For instance, for the average casual user Bitwarden should more than suffice: it is free, has a freely managed remote service, apps for mobile and extensions for the browsers, it is open source and has been audited: https://bitwarden.com/

I know perfectly well that it is an uphill process, I can see that with my parents, but I also like to think that maybe if something I tell them about how to manage their passwords is able to stick in their mind, then one day it might save them from being robbed online for always using the same few-character password everywhere for every effing website.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

> So regarding passwords for the casual as for the expert user once and for all the xkcd comic strip on passwords: https://xkcd.com/936/

And when I use a passphrase that my password manager generated, the sign up form called it "weak".

A much shorter password (about half as many characters) that is arguably weaker and has less entropy was considered "strong". Just because it had punctuation.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

> And when I use a passphrase that my password manager generated, the sign up form called it "weak".

Then respectfully it might be your fault, but I don't know the metrics by which Lemmy rates passwords. You can also use this other estimator (download the local version, of course):
https://github.com/dropbox/zxcvbn

I for instance used a simple setting:

and got:

;;75.cupcake.manly.argument.53%%

testing it on https://lowe.github.io/tryzxcvbn/

Lemmy, though, gives the password a "medium" quality rating, so I guess it must estimate it differently.
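
An added example, not part of the thread and not Lemmy's or zxcvbn's code, of why the meters discussed above can disagree: a meter that only counts character classes cannot see how a password was generated, which is what determines its entropy. The 7776-word list size, the `composition_meter` rules and both sample passwords are assumptions constructed for the illustration.

```python
import math
import string

DICEWARE_WORDS = 7776  # assumption: size of a Diceware-style word list (6**5)

def generation_bits(choices):
    """Entropy in bits of a secret built from independent uniform choices;
    `choices` lists how many options each choice had."""
    return sum(math.log2(n) for n in choices)

def composition_meter(password):
    """Hypothetical rule-based meter: counts character classes and length,
    and knows nothing about how the password was generated."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if len(password) >= 8 and classes >= 3:
        return "strong"
    if len(password) >= 8 and classes == 2:
        return "medium"
    return "weak"

# Constructed samples, each paired with the generation model assumed for it.
SAMPLES = [
    # five random words from the list, joined by spaces
    ("lantern orbit velvet cactus tunnel", [DICEWARE_WORDS] * 5),
    # one random word (capitalised), two random digits, one of 32 symbols
    ("Cactus42!", [DICEWARE_WORDS, 10 * 10, len(string.punctuation)]),
]

def compare(samples=SAMPLES):
    """Return (password, length, bits, meter verdict) for each sample."""
    return [(pw, len(pw), round(generation_bits(model), 1), composition_meter(pw))
            for pw, model in samples]

if __name__ == "__main__":
    for pw, length, bits, verdict in compare():
        print(f"{pw!r:40} len={length:2} bits={bits:5} meter={verdict}")
```

Estimators such as zxcvbn instead try to guess how many attempts a cracker would need, so their verdicts can differ from both columns here.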