A website once complained my password contained 3 consecutive letters there were 1 away from each other. This was back when I used sentences for passwords. It was complaining about the word worst because of r-s-t.
That’s wack. Passphrases are second only to random passwords generated by a password generator in terms of security, character proximity doesn’t matter with that much length.
Sysadmin: “A clear indication of phishing email is the sense of urgency. We would never send out any email regarding urgent updates that needs immediate action.”
Also sysadmin: “URGENT!!! You must update your system now before Friday!!! Click link here for instructions! Otherwise you will be locked out!”
Then they have you make it some 12 character length minimum string with mixed case and special characters and dictionary lookup so it isn’t some common phrase but you’re also logging in through a telnet instance onto a Unix system.
Need the opposite costume, the overly eager sys admin.
My fucking uni is trying to move to passwordless, but you will always need a password to log onto any lab device, and to the wifi, so why?
I mean you don’t actually need a password for that when it’s implemented the right way
see
A website once complained my password contained 3 consecutive letters there were 1 away from each other. This was back when I used sentences for passwords. It was complaining about the word worst because of r-s-t.
That’s wack. Passphrases are second only to random passwords generated by a password generator in terms of security, character proximity doesn’t matter with that much length.
Sysadmin: “A clear indication of phishing email is the sense of urgency. We would never send out any email regarding urgent updates that needs immediate action.”
Also sysadmin: “URGENT!!! You must update your system now before Friday!!! Click link here for instructions! Otherwise you will be locked out!”
Spot on. We’re changing XYZ policy and we need everyone to do this training within the week. Wait, why’s no one opening my emails
Then they have you make it some 12 character length minimum string with mixed case and special characters and dictionary lookup so it isn’t some common phrase but you’re also logging in through a telnet instance onto a Unix system.
As someone in the InfoSec field, I also hate those people.