19 votes

Weak default passwords for internet-connected devices banned in California from 2020

11 comments

  1. [7]
    nothis
    The headline goes a little far, this mostly seems to be about hardware (routers or internet-of-things-y devices) shipping with "admin" "password" logins by default. Not banning weak passwords for websites, internal networks or private use.

    25 votes
    1. [6]
      jsx
      Ya, the main points from the article are:

      It demands that each gadget be given a unique password when it is made.

      This can mean a unique password or a start-up procedure that forces users to generate their own code when using the gadget for the first time.

      The bill also allows customers who suffer harm when a company ignores the law to sue for damages.

      15 votes
      1. [5]
        Eabryt
        My concern about this is that I'm guessing a company will come up with an algorithm to generate unique passwords for new routers (and such) and then if/when that gets solved it could leave people susceptible as they may be less likely to change the default password if they already believe it's strong.

        I like the idea of a start-up proc that forces a password set on set-up though.

        5 votes
        1. [3]
          jackson
          Of course, with a startup proc requiring users to generate passwords, you still end up with the top ten most used passwords. The device should set some sort of security policy requiring a secure password to be generated by the user, or to use a code that's generated at the time of setup (like how web browsers will suggest passwords).

          Obviously, more thought should be put into how these auto-passwords are generated, since there's no true random, but pushing users to create a real password with standards is always a step in the right direction. At least the password won't be printed on the device itself.

          1 vote
          1. [2]
            Gaywallet
            The device should set some sort of security policy requiring a secure password to be generated by the user, or to use a code that's generated at the time of setup

            Nah fuck that, if I want to use admin/password on my router after setting it up with some auto-generated code I don't think you should have the right to dictate to me that I can't.

            1 vote
            1. [2]
              Comment deleted by author
              1. Gaywallet
                FWIW I just use really long simple passwords like "thisistheroutersadminpassword" (no that's not my actual password), so they are much more secure than admin/password (insert correct horse battery stapler XKCD here). I was just voicing disagreement with an enforced standard, especially since people will probably fuck it up in exactly the way you mentioned and people will make their router password "Pas$w0rd" which can be cracked pretty fast.

                2 votes
        2. Exalt
          Random key generation isn't very hard and if you're lazy you can always just use a guid and call it a day.
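The subthread above contrasts two ways of meeting the "unique password per device" requirement (a value derived from the serial versus one drawn from a CSPRNG) and a first-boot wizard that enforces a policy. This is an added Python illustration, not code from the article or from any router vendor; the device class, serial numbers and deny-list are constructed for the demo.

```python
import hashlib
import secrets
import string

# Constructed demo (not vendor code): the two "unique default" designs the
# thread contrasts, plus a first-boot password policy.
ALPHABET = string.ascii_letters + string.digits
BANNED_DEFAULTS = ("admin", "password", "Pas$w0rd")   # constructed deny-list


def derived_default_from_serial(serial: str) -> str:
    """Deterministic per-device default. It is unique per serial, but anyone
    who learns the scheme can recompute it from the label: Eabryt's concern."""
    return hashlib.sha256(serial.encode()).hexdigest()[:12]


def strong_default_password(length: int = 16) -> str:
    """Per-device default drawn from the OS CSPRNG at manufacture; it has no
    relationship to the serial or MAC, so one device reveals nothing about another."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def password_acceptable(candidate: str, min_length: int = 12) -> bool:
    """First-boot policy: a length floor plus a deny-list of known defaults.
    No composition rules, so a long simple passphrase passes."""
    banned = {b.lower() for b in BANNED_DEFAULTS}
    return len(candidate) >= min_length and candidate.lower() not in banned


class Device:
    """Setup wizard state: setup cannot finish until the factory default
    has been replaced by a password that meets the policy."""

    def __init__(self, serial: str):
        self.serial = serial
        self.default_password = strong_default_password()
        self.password = self.default_password
        self.must_change = True

    def first_boot_set_password(self, new_password: str) -> bool:
        if new_password == self.default_password:
            return False            # re-entering the label value is not a change
        if not password_acceptable(new_password):
            return False
        self.password = new_password
        self.must_change = False
        return True
```

A GUID, as Exalt suggests, works only if it is a version-4 (random) UUID; time- or MAC-based UUID versions are as predictable as the serial-derived scheme above.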

  2. Kiloku
    "This password contains characters known to the state of California to cause cancer hacking"

    7 votes
  3. [3]
    somewaffles
    There really should be more laws pertaining to web services passwords and login attempts. There are dictionaries full of millions of passwords and for a lot of websites, all it would take is a simple brute force to get into thousands of accounts. The only thing stopping people is the legal repercussions of doing that sort of thing. We are going to keep seeing bigger and bigger wide-scale attacks if something isn't done.

    1 vote
    1. [3]
      Comment deleted by author
      1. [2]
        Comment deleted by author
        1. Exalt
          Chrome has a key generator, kind of like a password manager but integrated into the browser by default. I think security is something that is starting to get attention and things like dictionary integration and such will only become more available.

          2 votes
      2. somewaffles
        Sorry maybe I should have clarified, I don't think there should be more laws about what people use as passwords. There needs to be more laws surrounding what web services accept as passwords and how many login attempts they allow.

        quick edit: and a lot of websites (like tildes) have started implementing checks like that but it's way too easy for services to ignore the danger of allowing compromised passwords. People just aren't aware enough of how dangerous insecure passwords can be until they've been hacked.

        3 votes
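The two server-side controls somewaffles asks for (refusing passwords that appear in a breach corpus, and capping failed login attempts per account) as an added Python example; this is not Tildes' code or any real service's. The breach list, user records and clock values are constructed inline so it runs offline.

```python
import hashlib
import os
from collections import defaultdict

# Constructed breach list, stored as SHA-1 hex digests the way breach corpora
# are usually distributed; a real list holds hundreds of millions of entries.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password", "123456", "Pas$w0rd", "qwerty")
}


def is_compromised(password: str) -> bool:
    return hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1


def registration_allowed(password: str, min_length: int = 12) -> bool:
    """Accept long passphrases; reject anything short or seen in a breach."""
    return len(password) >= min_length and not is_compromised(password)


def hash_password(password: str, salt: bytes) -> bytes:
    # Iteration count kept modest for the demo; tune upward in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Per-account failure counter over a sliding window. The caller passes
    the clock so behaviour is deterministic and testable."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 900.0):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(list)   # username -> failure timestamps
        self.users = {}                     # username -> (salt, pbkdf2 hash)

    def register(self, username: str, password: str) -> bool:
        if not registration_allowed(password):
            return False
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))
        return True

    def login(self, username: str, password: str, now: float) -> str:
        recent = [t for t in self.failures[username] if now - t < self.window]
        self.failures[username] = recent
        if len(recent) >= self.max_failures:
            return "locked"      # refuse before evaluating the password at all
        stored = self.users.get(username)
        if stored and hash_password(password, stored[0]) == stored[1]:
            self.failures[username].clear()
            return "ok"
        self.failures[username].append(now)
        return "denied"
```

Per-account lockout on its own lets anyone lock a victim out by spamming failures, so production systems pair it with per-source throttling or progressive delays.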