LogFAQs > #968766378

LurkerFAQs, Active DB, DB1, DB2, DB3, DB4, DB5, DB6, DB7, DB8, DB9, DB10, Database 11 ( 12.2022-11.2023 ), DB12, Clear

Topic List	Page List: 1
Topic	Why do companies force you to make long passwords?
LinkPizza 10/16/22 9:52:38 PM #40:	Blue_Thunder posted... Getting branded in headlines as a company with poor security is a lot worse than losing a single customer. And tbh this is the first I've heard of someone threatening to leave a service over password requirements. That wouldnt be their fault, though. That would be on the customer. And Ive heard of some people leaving over passwords. Not a ton, but some. Usually older, though It more like they cant get into their account. And then they stop using it. And decide that why pay if they cant use it adjl posted... Which costs a non-trivial amount of operator wages (especially on the scale of every tech-incompetent person out there who would use a stupid password if they weren't forced not to), results in an unsatisfied customer that will review the service poorly (which no amount of "we encourage customers to use secure passwords" will mitigate), and generally just reflects very poorly on the company. Maybe. That said, couldnt the same thing technically happen if everybody still made easy to guess passwords while using the requirements? And I feel the operators would still have to be there, anyway adjl posted... Which is why they offer password recovery services. Perhaps more saliently, the most convenient way of terminating your relationship with the company (cancelling the service and removing your payment information) is locked behind your password. Even if you do decide you want to cut them off, it's generally going to be much more efficient and convenient for you to go through the password recovery process than to cancel the associated credit card or keep paying for the service until the card expires. By the time you get through the password recovery process, your problem is solved and your primary motivation to leave is gone, so the vast majority of customers annoyed by password requirements aren't going to follow through on cancelling. This isn't to say that password requirements are necessarily handled properly (most of them emphasize entropy over length, when longer passwords are overwhelmingly more secure than more complex ones), but there's absolutely no basis to think that it might be more beneficial for a company to allow users to leave their accounts unsecured than to impose some basic security requirements. I think you can just call and cancel, IIRC And I dont think you need a password for that. You may need some proof (or access to your email), though There are other ways, though. Depends on how much trouble the other ways would cost, though It just seems weird to have these requirements to me, is all That said, Ive never been hacked. So, that could be why I dont see the point in it. I already hated long passwords when our job made us use these 18 digit (at least) long passwords for this one site. And it had to be changed every 3 months. And it could be any of the last 6 used. Eventually, everyone basically had the same password. Which was 1qa2ws3ed and then shift, and the same thing. And then you just move over one line every time you changed. --- Official King of Kings Switch FC: 7216-4417-4511 Add Me because I'll probably add you. I'm probably the LinkPizza you'll see around. <cite>LinkPizza posted [p:968766378] in Why do com... [t:80199906]...</cite> <quote>Blue_Thunder posted...</cite><quote>Getting branded in headlines as a company with poor security is a lot worse than losing a single customer. And tbh this is the first I've heard of someone threatening to leave a service over password requirements.</quote>That wouldnt be their fault, though. That would be on the customer. And Ive heard of some people leaving over passwords. Not a ton, but some. Usually older, though It more like they cant get into their account. And then they stop using it. And decide that why pay if they cant use itadjl posted...</cite><quote>Which costs a non-trivial amount of operator wages (especially on the scale of every tech-incompetent person out there who would use a stupid password if they weren't forced not to), results in an unsatisfied customer that will review the service poorly (which no amount of "we encourage customers to use secure passwords" will mitigate), and generally just reflects very poorly on the company.</quote>Maybe. That said, couldnt the same thing technically happen if everybody still made easy to guess passwords while using the requirements? And I feel the operators would still have to be there, anywayadjl posted...</cite><quote>Which is why they offer password recovery services. Perhaps more saliently, the most convenient way of terminating your relationship with the company (cancelling the service and removing your payment information) is locked behind your password. Even if you do decide you want to cut them off, it's generally going to be much more efficient and convenient for you to go through the password recovery process than to cancel the associated credit card or keep paying for the service until the card expires. By the time you get through the password recovery process, your problem is solved and your primary motivation to leave is gone, so the vast majority of customers annoyed by password requirements aren't going to follow through on cancelling.This isn't to say that password requirements are necessarily handled properly (most of them emphasize entropy over length, when longer passwords are overwhelmingly more secure than more complex ones), but there's absolutely no basis to think that it might be more beneficial for a company to allow users to leave their accounts unsecured than to impose some basic security requirements.</quote>I think you can just call and cancel, IIRC And I dont think you need a password for that. You may need some proof (or access to your email), though There are other ways, though. Depends on how much trouble the other ways would cost, thoughIt just seems weird to have these requirements to me, is all That said, Ive never been hacked. So, that could be why I dont see the point in it. I already hated long passwords when our job made us use these 18 digit (at least) long passwords for this one site. And it had to be changed every 3 months. And it could be any of the last 6 used. Eventually, everyone basically had the same password. Which was 1qa2ws3ed and then shift, and the same thing. And then you just move over one line every time you changed. --- Official King of KingsSwitch FC: 7216-4417-4511 Add Me because I'll probably add you. I'm probably the LinkPizza you'll see around.</quote> ... Copied to Clipboard!
Topic List	Page List: 1