07-18-2011, 05:49 AM
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
We favor a kind of middle ground, and have built a free tool to make it easy for you to do.

When users choose their own, approximately 15% will choose a password from the top
10 most popular. These are things like "password" and "123456". The bad guys know
what those top ten passwords are, and they will be guessed. So letting users choose
their own doesn't work too well. At least, not as most adult sites do it. The way
banks do it is a little better - you can choose your own, but subject to certain rules,
so you're not allowed to have "password" as your password. Of course, many sites
are TOO restrictive in their rules -- 8-10 characters, must start with a letter, must not ...
Longer passwords are always better, so 8-10 characters is a dumb rule.

Assigning random passwords also has problems. Paying customers are often people
who are not technically sophisticated enough to find what they want for free, so
they have trouble even TYPING "lI1Kg`O0^}+", much less REMEMBERING it.

The middle ground we use is to assign passwords that are easy for most people to
type and can even be remembered, but are not easy for the bad guys to guess.
The passwords created by our free tool look like words and can be pronounced
like words, so they can be typed. An example would be "betorling". That's easier to
type than "J(dD?/gW", and certainly easier to remember. "betorling" isn't really a
word, though, so it's not in the bad guy's dictionary.

The free password generator can be found at:
https://bettercgi.com/strongbox/passgen/
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
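A sketch of the pronounceable-password idea described in the post above, as an added example that is not raymor's or the Strongbox tool's code. The syllable tables and function names are assumptions, since the post does not describe the tool's rules; the example draws every character from the OS CSPRNG and computes the keyspace so the syllable count can be sized against guessing.

```python
import math
import secrets

# Assumed syllable tables (not the Strongbox tool's rules, which the post omits).
# Single-letter onsets and codas keep every password uniquely parseable, so
# each syllable sequence yields a distinct string and the keyspace is exact.
ONSETS = "bdfghjklmnprstvz"       # 16 consonants
VOWELS = "aeiou"                  # 5 vowels
CODAS = ["", "l", "n", "r", "s"]  # optional closing consonant
PER_SYLLABLE = len(ONSETS) * len(VOWELS) * len(CODAS)  # 400 combinations


def pronounceable_password(syllables=4, rng=secrets):
    """Build a word-like password; every choice comes from the OS CSPRNG."""
    if syllables < 1:
        raise ValueError("need at least one syllable")
    return "".join(
        rng.choice(ONSETS) + rng.choice(VOWELS) + rng.choice(CODAS)
        for _ in range(syllables)
    )


def entropy_bits(syllables):
    """Bits of entropy when the attacker knows the scheme and the tables."""
    return syllables * math.log2(PER_SYLLABLE)


def syllables_for(target_bits):
    """Smallest syllable count whose keyspace reaches target_bits."""
    return math.ceil(target_bits / math.log2(PER_SYLLABLE))


if __name__ == "__main__":
    # Show sample passwords next to the entropy each length provides.
    for n in (3, 4, syllables_for(50)):
        print(f"{pronounceable_password(n):<20} {n} syllables, "
              f"{entropy_bits(n):.1f} bits")
```

At four syllables this scheme gives about 34.6 bits, so the syllable count should be chosen from `syllables_for()` against the guessing rate the login system allows rather than from how the password looks.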