some rich people have been talking smack about privacy lately, and it's nothing new.

but it's got me thinking, how can we care so much about privacy when the best defenses we have for it are "we need privacy… because we do!" or "if we don't have privacy our world will eventually reflect Nineteen Eighty-Four!" these defenses are all unsatisfying to a thinking person.

I think I've come up with something better…


I just tried to join battle.net. it's been years since I've used it.

but some problems with my password:

  1. Your password must contain at least one alphabetic and one numeric character.

    and? are you saying that this DFA cannot possibly generate a secure password?

  2. Wrong characters entered. Please enter valid punctuation(!"#$%).

    you're kidding, right? what's wrong with a hyphen? or é?

  3. Your password must be between eight and sixteen characters in length.

    I have an idea. how about I type a password, and you hash it and shut up. this is ridiculous.

whenever I run into restrictions like this I question the service's ability to handle passwords securely.

edited on thursday february 18th, 2010 at 10:52:

DJ pointed me to WeakPasswords.org, to which I have added Blizzard/battle.net and UBS Financial Services.

UBS is a real treat. 6-8 characters, no symbols, no repeating chars, pretty much the easiest thing to brute force. and they control all the stock I get through my employer. shameful.

edited on thursday february 18th, 2010 at 11:35:

Paul, being a math person, points out that 1. forces users to avoid using stupid dictionary passwords, which is true. he's right.

I have to believe that any good brute force attack using a dictionary would also account for l33tsp34k¹. the time increase is linear, so the bad passwords will still be broken fairly quickly. the solution isn't putting restrictions on passwords, but teaching people about security.²
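an added example, not part of the original post: a checker that applies the three rules from the error messages quoted above, then maps leetspeak back to letters before a dictionary lookup, so a password can be seen to satisfy rule 1 while still being a dictionary word. the wordlist, the substitution table and the function names are constructed for illustration, and the allowed punctuation is read literally from message 2.

```python
from itertools import product
import re

# constructed sample wordlist; a real check would load a large dictionary
WORDLIST = {"password", "letmein", "dragon", "monkey"}

# assumed leetspeak table, digit/symbol -> possible letters ("1" is ambiguous)
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}

ALLOWED_PUNCT = set('!"#$%')  # the five characters named in message 2


def site_policy_ok(pw):
    """the three rules from the error messages quoted in the post."""
    has_alpha = any(c.isascii() and c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    valid_chars = all((c.isascii() and c.isalnum()) or c in ALLOWED_PUNCT
                      for c in pw)
    return has_alpha and has_digit and valid_chars and 8 <= len(pw) <= 16


def deleet(s):
    """every reading of s with leetspeak characters mapped back to letters."""
    return {"".join(chars) for chars in product(*(LEET.get(c, c) for c in s))}


def dictionary_base(pw):
    """the wordlist entry pw is built from, or None."""
    lowered = pw.lower()
    # second candidate: digit/punctuation padding stripped from both ends
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for cand in (lowered, core):
        hits = deleet(cand) & WORDLIST
        if hits:
            return sorted(hits)[0]
    return None


def audit(pw):
    """(accepted by the site's rules?, dictionary word it derives from)."""
    return site_policy_ok(pw), dictionary_base(pw)


if __name__ == "__main__":
    for pw in ["p4ssw0rd1", "l3tm31n99", "xK7q2vLm9RwT",
               "long-hyphenated-é-passphrase"]:
        print(pw, audit(pw))
```
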


¹ the password cracking assignment we wrote for CSE130 accounted for l33tsp34k (see #2b), and that was one week's homework assignment. this stuff isn't hard.

² gun control has the same problem, now that I think of it.