ANSWERED - I - registration password generator

#1

Silly item: when registering, I accepted the long password offered - but it was rejected since it did not contain a non-alphanumeric character. It seems your built-in password generator offers passwords that are not acceptable.

#2

I believe you probably mean Chrome’s built-in password generator, because I didn’t see any custom password generator on ShakeNet. Chrome has had a built-in password manager for a while though, and I believe it indeed generates alphanumeric passwords only because some services do not work with non-alphanumeric passwords.

That does bring up another issue though: studies (for example https://www.semperis.com/blog/microsoft-upends-traditional-password-recommendations-with-significant-new-guidance/ ) have shown that password composition requirements do not improve security. In fact, it’s been suggested four-number PINs would be best if e-mail confirmation is required after getting it wrong a few times. In addition, while the number of earthquakes I might be experiencing might be classified information for a home-seller, I don’t really see that ShakeNet requires that high a level of security.

#3

Is that where the password comes from? Ha!
Seems like there is scope for an interface where the password request (for a new password only) tells the password generator the specs for the wanted password.
Anyway, I agree that these huge/complicated passwords should be used only for access to my bank account with the implicit understanding that the size of the password is to make me feel better and not to actually achieve security…

#4
  • yes - ShakeNet does not provide a password generator, this is being done by the browser itself (whatever its name)
  • yes - crazy passwords don’t increase security since you can’t remember them, so have to store them somewhere, which is probably not a safe place
  • yes - the ShakeNet requirements for passwords are actually specified by the software we are using.
  • yes - that these pw requirements are not protecting truly sensitive data makes me think the requirements are too severe.

we will be looking into this to come up with a pw scheme that is better balanced.

richard