Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-The Community !actuallyinfuriating has been born so that's where you should post the big stuff.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
There is little point of having a long password. Online accounts don't have the same issues as encryption
Edit: for those curious, here is my source https://cybersecuritynews.com/nist-rules-password-security/
My rationale is that online accounts typically don't get brute forced due to rate limiting and not protection. The NIST guidelines don't specify requirements for online accounts specifically but it does recommend a password of 16 characters in general. I don't really see any need to go above that as you are just making it harder on yourself.
I really hope you don't work in the tech industry.
I've yet to see anyone link to a source
Here is where I'm getting my info
https://cybersecuritynews.com/nist-rules-password-security/
you realize that they say the exact opposite of what you are saying, right?
You haven't provided any evidence to support your claim. Online accounts can't easily be brute forced.
If a hash is leaked you just change the password. As long as you aren't reusing the same password everywhere you are fine.
How do you know when a password is leaked?
What's the distribution of variance in brute force protections on online services?
Why would it matter? If they can access the password they probably can access everything else on that service. Just don't reuse passwords.
If the hashes are leaked and that’s immediately caught and customers are immediately informed, just change your password.
That's simply false. Increased length increases the entropy of a password, making it harder to brute force to gain access.
You have to go out of your way to restrict the length of passwords. There's absolutely no reason to do it, and it is contrary to all good security practices.
I'm not sure how you expect someone to brute force a web service. It is possible but it would be equivalent to a denial of service. Having long passwords for a online login makes no sense. A randomly generated 12 character password isn't any more or less secure than a 40 character password since they both take a unrealistic amount of time to brute force.
A 12 character password made up of standard characters would take 475,920,314,814,253,376,475,136 tries assuming you know the length. I don't see how someone could brute force a web service.
I will say I get annoyed at web services that require special characters since I like to use 3 words from the EFF extended word list.
how braindead are you?
How old are you?
The old security wisdom has been thrown out in favor of better practices. If you spend to much time focusing on one spot you will make everyone hate you while leaving gapping holes in your security.
your comments just make me hope that you never touch an IT system as a developer
https://xkcd.com/936/
Also https://xkcd.com/538/
I love wordlists
Think of it from a random guess perspective. Guessing a number randomly generated between 0-16 is easier than guessing one between 0-8.
Now think that all passwords are stored in certain amount of bits, so let's compare 4 and 8 bits.
Each bit has a chance to be either 0 or 1, so guessing a single bit's possibility is 1/2.
Guessing the correct orientation of 4 different bits takes 1/2^4^ = 1/16
Guessing the correct orientation of 8 different bits takes 1/2^8^ = 1/256
Now think passwords being stored in more bits(=longer password)
At a certain point it doesn't matter as the password is effectively unguessable.
One weakness with longer passwords is that if they are created by humans chances are it will be easier to guess the pattern. This is true for all human created passwords but I think the longer ones are worse since there is more space to create a easily guessable pattern.
Assuming a breach, and hashes are released, its significantly harder to bruteforce a long password.
Some (a lot) poorly set up websites may not even have a limit on password attempts, or cooldowns.
It won't matter if you use a password manager. You shouldn't rely on the website to keep your password safe. They could be storing it in plain text for all you know. (It has happened before)
pls elaborate
As long as the adversary doesn't have the ability to brute force the password locally, you have the ability to reset in the event of a leaked hash and you aren't reusing passwords you are fine with a shorter password. Obviously be mindful of easily guessable passwords or ones that are very short. However, a 12 digit sufficiently random password is fine. Don't fall into the trap of longer but easier to guess.
Don't do things like impossiblebatman1. Something like SalariedOverhand22 or imposiba1ttman
The first secure one I used diceware to generate two random words and then a random number generator to add a number. The second one I randomly changed spelling and the pattern to increase entropy.