Do Password Rules Make Us Safer?

Beekey Cheung on April 29, 2018

Passwords play a big role in protecting our data. Either a service provides a way to login with a password, or they provide a way to login with a...

What we need is a password-manager requirement, so people don't keep manually entering passwords on random sites. There is no human password generator that can generate good, memorable, and unique passwords for every website etc. they sign up on.

There is only one option available at the moment: password managers. LastPass, KeePass, Buttercup, and the like help you by making you remember fewer passwords and having the manager generate unique, good passwords for every other website. On top of that, many of them even make it easier than manual signup and login by integrating with your browser.

Everyone really needs to use one.

The cheapest and most portable solution is likely a KeePass database on a cloud drive of some sort (Dropbox, OneDrive, Google Drive, ...), as most of those services provide a reasonable amount of storage for free.

The one thing missing from them being near-perfect is a new web standard of some sort, e.g. `<link rel="password-rules">`, so every website can publish its own password requirements in a computer-readable format for password managers.

For the long term, though, we need a better way to get rid of passwords altogether; they're an awful solution at modern internet scale.
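A worked version of the idea in the comment above, added here as an example and not part of the thread: a password manager that reads a site's machine-readable rules and generates a password from a CSPRNG that satisfies them, then checks the result before use. The rules dictionary (`minlength`, `maxlength`, `required`, `allowed`) is an assumed format standing in for the proposed `<link rel="password-rules">`, which has no defined schema.

```python
import secrets
import string

# Character classes a site's published rules may reference (assumed names).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!#$%&*+-=?@^_~",
}


def satisfies(password, rules):
    """True if password meets the rules: within the length bounds, every
    required class present, and only characters from allowed classes."""
    allowed = "".join(CLASSES[c] for c in rules.get("allowed", list(CLASSES)))
    if not rules["minlength"] <= len(password) <= rules.get("maxlength", 10**6):
        return False
    if any(ch not in allowed for ch in password):
        return False
    return all(any(ch in CLASSES[c] for ch in password)
               for c in rules.get("required", []))


def generate(rules, length=None):
    """Generate a password satisfying rules, defaulting to the longest length
    the site allows (capped at 32): extra length costs the user nothing when
    a manager stores the password."""
    required = rules.get("required", [])
    allowed = rules.get("allowed", list(CLASSES))
    if any(c not in allowed for c in required):
        raise ValueError("a required class is not in the allowed set")
    if length is None:
        length = min(rules.get("maxlength", 32), 32)
    if not rules["minlength"] <= length <= rules.get("maxlength", length):
        raise ValueError("length is outside the site's bounds")
    if length < len(required):
        raise ValueError("too short to hold one of every required class")
    pool = "".join(CLASSES[c] for c in allowed)
    # One character from each required class, the rest from the whole pool,
    # all drawn from the OS CSPRNG via the secrets module.
    chars = [secrets.choice(CLASSES[c]) for c in required]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so required characters don't sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)
```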


I would like to say that how secure the password is doesn't matter. And I think that right now you are probably like "The hell, did you read everything above?" or "I think that the maths says something different". And if you don't believe me, just read below.

Many devs think that if they secure the passwords and make a defence against brute-force algorithms, that is everything. They aren't right. But yeah, you need this too. But let's continue.

So now I am going to explain. Most hackers don't even need brute-force algorithms. They are just used because sometimes they can save time. BUT!!!!!! This is not the only method. A hacker can always log in to an account using SQLi, or he can always find another vulnerability. But even if you make a defence against these too, then you can still get hacked.

You want examples? OK. I will say something like Facebook. They have super good defence. BUT!!!!!! They still can't protect the accounts. Many hackers can hack into them, plus if you have surfed the deep/dark web, many of them do it for like $10-15. Then does that mean they are secure? Yes, they are really secure.

BUT!!!!!! Many hackers use things like SE, cookie stealing, keyloggers and other methods. But what is so special about these methods? Well, the users might be secured, but there is no defence against their stupidity. With SE it can be pretty easy, because you can always make a phisher and then BAM, most of them get tricked. And I am sure that someone right now is like, "What if they look at the URL first before they open the link?" Well, it can get encoded and lead to another URL. With cookie stealing and keyloggers they can easily get your IP and remotely upload or extract data. There are other methods, but I will not discuss them.

Sorry for bad English.

Thanks for reading.
