Poll of the Day > I don't like that GameFAQs added actual password requirements

(+) Yeah! (+)

For this account I wasn't able to use my awful password that I've given my GameFAQs accounts for ten years

I'd be in so little trouble if gamefaqs got breached just because my password is grandfathered and thus not usable anywhere else on the internet.
---

Any password under 16 characters long is pointless - may as well just be a singular letter at that point since that's less guessable.
---

Lokarin posted...

Any password under 16 characters long is pointless - may as well just be a singular letter at that point since that's less guessable.

How

MICHALECOLE posted...

Lokarin posted...

Any password under 16 characters long is pointless - may as well just be a singular letter at that point since that's less guessable.

How

If I asked a random person to guess my password with no further information, the odds of them guessing approach zero regardless of what the password is because the field of "not password" is infinite.

But when it comes to a brute force hack, length is one of the best factors contributing to the number of bits of entropy that password contains.

http://rumkin.com/tools/password/passchk.php
---

Lokarin posted...

MICHALECOLE posted...

Lokarin posted...

Any password under 16 characters long is pointless - may as well just be a singular letter at that point since that's less guessable.

How

If I asked a random person to guess my password with no further information, the odds of them guessing approach zero regardless of what the password is because the field of "not password" is infinite.

But when it comes to a brute force hack, length is one of the best factors contributing to the number of bits of entropy that password contains.

So how is it pointless to have a gamefaqs password under sixteen characters

And a brute force hack isnt guessing a password

Gamefaqs passwords have requirements? When did that happen?
---

MICHALECOLE posted...

So how is it pointless to have a gamefaqs password under sixteen characters

Oh, I meant passwords in general. It's just a rule of thumb, length = good
---

Having password with requirements are making things worse, I think. I know people who are now making password either similar, the same, easier, and or a straight line of 3 or 4 through number and letters, and then again while holding shift because it's suppose to be more secure because they can't remember longer passwords for everything that requires one these days. And didn't the guy who made that rule say that he thinks he was wrong. And that just picking 4 random words in order was actually a better way of creating a password.
---

MICHALECOLE posted...

And a brute force hack isnt guessing a password

What? Yes is it. Brute forcing is using a computer to rapidly guess passwords until you get it right.

MICHALECOLE posted...

So how is it pointless to have a gamefaqs password under sixteen characters

If I want to guess your password and it's only 1 character long, let's say there are like 70 characters it could be (I don't know the number, but it's probably relatively close because you're not likely to be using all of Unicode). I have 70 potential passwords. If it's two characters long, I then have to guess and get both correct, which means 70*70=4900 possible options. Three means 70*70*70 and so on. The longer a password is, the more potential passwords could be within that length, and thus the longer a computer has to guess. Not to mention the fact that it doesn't know the length and thus it must guess that too, and longer passwords are less common.

Now to be fair, using data mining and machine learning, it's getting easier to guess passwords because human beings are predictable. To truly have a strong password, length is important, but so is being closer to true random.

LinkPizza posted...

Having password with requirements are making things worse, I think. I know people who are now making password either similar, the same, easier, and or a straight line of 3 or 4 through number and letters, and then again while holding shift because it's suppose to be more secure because they can't remember longer passwords for everything that requires one these days. And didn't the guy who made that rule say that he thinks he was wrong. And that just picking 4 random words in order was actually a better way of creating a password.

Using a passphrase for your password is dangerous because machine learning has picked up on this. Algorithms can guess passwords that use dictionary words more easily. Best practices still include password requirements that are pretty heavy, but no longer recommend changing passwords. That's the part that is no longer a best practice, because it meant people were either writing things down or making iterative passwords. It's best to have strong passwords that you only change when needed (i.e. in the event of a breach).

Current best practice recommends using a phrase or sentence, often a song lyric, and creating a rule you can remember. Maybe you take the first letter of each word, capitalize every fifth letter, replace some letters with numbers, and slap a symbol where it makes sense. Stuff like that. It's actually quite easy to remember (you just remember the phrase and rule) and yet it looks like random nonsense. Let's take this sentence and apply that rule to it: L77s!aA7r7i
See? I just made a gibberish password that would be very hard to brute force. Ideally it would be a little bit longer, so consider longer phrases.

Veedrock- posted...

I'd be in so little trouble if gamefaqs got breached just because my password is grandfathered and thus not usable anywhere else on the internet.

same.

no capitals, no numbers, no special characters, only 5 letters
---

I question how much safer passwords are now. As passwords get longer and more complex, people need to write them down out of sheer necessity.
---

SushiSquid posted...

Current best practice recommends using a phrase or sentence, often a song lyric, and creating a rule you can remember. Maybe you take the first letter of each word, capitalize every fifth letter, replace some letters with numbers, and slap a symbol where it makes sense. Stuff like that. It's actually quite easy to remember (you just remember the phrase and rule) and yet it looks like random nonsense. Let's take this sentence and apply that rule to it: L77s!aA7r7i
See? I just made a gibberish password that would be very hard to brute force. Ideally it would be a little bit longer, so consider longer phrases.

It would also be significantly more difficult to remember and significantly easier to brute force than "saucyfrenchostrichmanoeuvres", for example.

Of course, now that I've typed that phrase out and posted it on the internet, it has an information entropy of effectively 0. So don't use it.
---

SushiSquid posted...

MICHALECOLE posted...

And a brute force hack isnt guessing a password

What? Yes is it. Brute forcing is using a computer to rapidly guess passwords until you get it right.

MICHALECOLE posted...

So how is it pointless to have a gamefaqs password under sixteen characters

If I want to guess your password and it's only 1 character long, let's say there are like 70 characters it could be (I don't know the number, but it's probably relatively close because you're not likely to be using all of Unicode). I have 70 potential passwords. If it's two characters long, I then have to guess and get both correct, which means 70*70=4900 possible options. Three means 70*70*70 and so on. The longer a password is, the more potential passwords could be within that length, and thus the longer a computer has to guess. Not to mention the fact that it doesn't know the length and thus it must guess that too, and longer passwords are less common.

Now to be fair, using data mining and machine learning, it's getting easier to guess passwords because human beings are predictable. To truly have a strong password, length is important, but so is being closer to true random.

yeah my stepfather actually has decent passwords. it relates to stuff he does for work but to anyone else its literally just a long ass series of numbers. think like 18-20 digit numbers. works for him though cause hes been in his job industry so long the numbers are burned into his brain so he has no issue memorizing them without needing to write them down somewhere.
---

if the gamefaqs login system (or amazon, facebook, whatever) is actually allowing brute force to happen, password strength isn't really the problem

mooreandrew58 posted...

SushiSquid posted...

MICHALECOLE posted...

And a brute force hack isnt guessing a password

What? Yes is it. Brute forcing is using a computer to rapidly guess passwords until you get it right.

MICHALECOLE posted...

So how is it pointless to have a gamefaqs password under sixteen characters

If I want to guess your password and it's only 1 character long, let's say there are like 70 characters it could be (I don't know the number, but it's probably relatively close because you're not likely to be using all of Unicode). I have 70 potential passwords. If it's two characters long, I then have to guess and get both correct, which means 70*70=4900 possible options. Three means 70*70*70 and so on. The longer a password is, the more potential passwords could be within that length, and thus the longer a computer has to guess. Not to mention the fact that it doesn't know the length and thus it must guess that too, and longer passwords are less common.

Now to be fair, using data mining and machine learning, it's getting easier to guess passwords because human beings are predictable. To truly have a strong password, length is important, but so is being closer to true random.

yeah my stepfather actually has decent passwords. it relates to stuff he does for work but to anyone else its literally just a long ass series of numbers. think like 18-20 digit numbers. works for him though cause hes been in his job industry so long the numbers are burned into his brain so he has no issue memorizing them without needing to write them down somewhere.

I use to use a long series of numbers as a password for work a long time ago. I just said a sentence & changed it numbers using a code I developed there while I was bored.

nesrtkfan posted...

if the gamefaqs login system (or amazon, facebook, whatever) is actually allowing brute force to happen, password strength isn't really the problem

True. It's only a matter of time if that's what they're doing.
---

nesrtkfan posted...

if the gamefaqs login system (or amazon, facebook, whatever) is actually allowing brute force to happen, password strength isn't really the problem

Well yeah, this too. Brute force isn't possible on most systems because you shouldn't allow shit like guessing 10 million times.

I almost always make up imaginary words and add some numbers in that have meaning to me, but aren't possible to suss out by knowing details about my life.

The meta-game you're really playing is site to site anyways. Your password strength on GameFAQs matters less than the security of the GameFAQs user data, and having many different passwords in case that data is ever compromised. It doesn't matter if your password looks like "m#4Ek~$R(eu3O;Zb0&nN7H$-@5KtMBu0" if you use it everywhere, including sites with bad security practices. If that's also your PayPal password when one of those other sites is broken into, you're in trouble.
---

Honestly, you could use your username as your password here and you'd probably be fine. No one cares about this site that much.

And I'm a primary color ffs.
---

hacked bitches
---