No, Really

I've been getting a message from the LJ server that says that my password is too easy to guess. Is that true? Could any of you who know me guess my password? I doubt it.

The results are only viewable to me, so that when I realize that you've all guessed it and change it in a panic, I don't want you to know that you were right.

Oct. 28th, 2005 03:21 pm (UTC)
The password warning has little to do with whether we know you or not. It has to do with whether a password-cracking program can guess your password.

They updated the password algorithm recently to make it tougher on those programs.
Oct. 28th, 2005 03:24 pm (UTC)
I know that's true, but really, once you've cracked my password, what do you get? Even my actual real friends aren't interested enough to want to devote that kind of time to my LJ.
Oct. 28th, 2005 03:41 pm (UTC)
I keep getting the same warning and I wonder "Do I really care???"

I don't think I do.
Oct. 28th, 2005 05:05 pm (UTC)
The plan is to (soon) disable account features for non-secured password accounts.
Oct. 28th, 2005 05:15 pm (UTC)
Which means what? That if we don't update our passwords, we won't be able to get into our LJs? Or only that certain features won't work anymore?

They should have a warning about that when they give you the "your password is too easy to guess" screen.
Oct. 28th, 2005 05:21 pm (UTC)
I completely agree. I dislike companies, institutions, etc. that aren't up front about why they're doing certain things. Oh, I'm sure if I cared to I could probably hunt that information down but I really don't care to.
Oct. 28th, 2005 05:36 pm (UTC)
LiveJournal has over 8 million accounts. Viruses and malware programs have been written to specifically exploit insecure LiveJournal accounts. People have ignored the password warnings before, have had their accounts exploited, and the exploited information then used maliciously. A few bad apples spoil it for everyone.

There are very good reasons for making the password algorithm more secure, and a FAQ for how to pick a secure one.
Oct. 28th, 2005 08:14 pm (UTC)
I'm not sure, but I believe I read that the short version is that they're giving the warning to all people who don't use numbers in their passwords - which to me always seemed a little odd, since numbers are just base 10, while letters are base 26 - well, really base 52 because of capital letters.
Oct. 28th, 2005 05:32 pm (UTC)
And there will be, when they get closer and closer to enforcement. The things that won't work are basically anything except logging in and changing your password.

There is a post here about it-- basically a preview for Support volunteers for what's happening with it.
Oct. 28th, 2005 05:49 pm (UTC)
There were some good points in the comments of this post that I hadn't thought of (like, if someone hijacks your account, they can spam your friends' list and/or read your friends' FO entries) so thank you for pointing it out.

I will say it again though - "they" could do a better job, even at this early "we're just giving warnings" stage, of explaining WHY people are suddenly getting this message. I mean, I've had the same password since forever, and it's never been a problem, so I was both confused and annoyed when I started getting the message. Also, it was confusing to get it only when I updated, and not every time I logged in.

I suppose I should "tell it to Support", shouldn't I?
Oct. 28th, 2005 05:22 pm (UTC)
Umm. Where is that info detailed? When limiting the format of a password, they're also limiting the search space to guess the password.

Thanks. Curious.
Oct. 28th, 2005 05:37 pm (UTC)
Internal announcement: http://www.livejournal.com/community/lj_support/590322.html - there will be more public announcements as they move towards enforcement (in LiveJournal-land, a plan to do something can take years to get around to implementing).

FAQ on password requirements: http://www.livejournal.com/support/faqbrowse.bml?faqid=71
Oct. 28th, 2005 05:53 pm (UTC)
Ah, that's why I hadn't seen it. I did look through the news and dev areas. The "password requirements" are listed as guidelines. I've read them before. A password can violate those "rules" and still be a good password. Anyways, I won't go back and forth on this anymore here (in junglemonkee's LJ).
