Real Security?

An anonymous reader writes "A recent article at Ask Tog raised the common argument about how much security is good. Tog says: 'I've been watching security people for years as they've slowly increased the security of everything they can get their hands on until any idiot can wander in.' Is this the case? Are we increasing security too much, so that the users circumvent it? Should we be allowing simple passwords?"

THANKS FOR TELLING EVERYONE MY PASSWORD, ASSHOLE

[Anonymous Coward]

Passwords?

[R33MSpec]

I haven't changed my password here on Slashdot since I joined^H^H^H^H^H^H^NO CARRIER

Re:Definitely

[G-funk]

Oh my god.... I have the exact same password on my luggage!

Re:Definitely

[glenebob]

So... what's your IP address... Just curious :-)

A Simple Exercise In Self-Auditing

[Bowie J. Poag]

Exercise: Make a drawing on paper of what your system looks like from the point of view of people on the outside. Draw it in a similar fashion to how one might draw a house, or a favorite car.

A) If your picture looks like or includes any of the following objects, proceed to step C:

. A block of swiss cheese
. A large question mark
. A fat mall-cop with powdered sugar around his mouth
. A small child in a corner, crying, holding a security blanket
. A Diebold voting terminal

B) If your picture looks like or includes any of the following objects, proceed to step C:

. Fort Knox
. A medieval castle under siege with the invaders having boiling tar poured on them.
. A resettable Viet-Cong boobytrap with dozens of pigs already skewered on it
. The business end of a .357 Magnum
. An illuminated Jesus standing atop an Sun E10K
. A solid, faceless slab of hyperdense radioactive metal extracted from the heart of a neutron star

C) You need to increase your system's security.

Re:Annoying security leads to circumvention

[Anonymous Coward]

Shhhhh, don't tell them about ssh damnit! I am always at work - just check the logs...

Re:Definitely

[red floyd]

Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

My personal favorite

[DaveAtFraud]

P4ssw0rd!

You will note that it has all of the elements of a good password such as both upper and lower case letters, numerals as well as characters and punctuation. Its also easy to remember.

Re:Moore's Law vs. Evolution

[balloonhead]

But why is it that I occasionally have a mental blank and can't remember my PIN, having to turn tail and run after two failed attempts until the next day when I can try again, but when I am so blind drunk I can barely walk or speak, I can stagger two miles home, extract 10 pounds from my account (sometimes at two different terminals), get a kebab, navigate through two locked doors, urinate, undress, and get into (or near, sometimes) my bed?

And who can explain the last three ex-girlfriends' phone numbers that I remembered to call at 4am too? I sure as shit can't remember them during the day.

Re:My personal favorite

[Frymaster]

i tell users to do this for passwords:

- one of the three digit sets of your license plate
- the first three letters of your mother's maiden name
- the numbe of fillings you have

stick em together and you have a seven or eight character password that looks like garbage but still can be remembered by the user.

of course it's possible for someone to reconstruct this but it would definitely have to be an inside job - probably by a dentist.

Re:My personal favorite

[NamShubCMX]

(r00t)(iZ)(g0d)

:)

asterisk^8

[meowsqueak]

My password is easy to remember, it's just eight asterisks:

'********'

Sometimes I forget exactly how many, but I usually get it right the second time.

Re:THANKS FOR TELLING EVERYONE MY PASSWORD, ASSHOL

[bechthros]

that's funny, that's the same combination I've got on my luggage

Hail Scroob!

Re:THANKS FOR TELLING EVERYONE MY PASSWORD, ASSHOL

[Dhar]

Now we just need to find your machine.

-g.

Re:Forced password changes

[pipingguy]

If you've done a dictionary search...

Slashdot is a great place to find alternative spelling that one can use as inspiration while thinking up passwords.

Re:Definitely

[Anonymous Coward]

My post-it note scheme is very secure. I'm a doctor.

Re:different levels of importance

[gregfortune]

That made me grin :) Just listen to all the busy little keyboards as rokzy is tried as a username by 27,000 people at /., buy.com, CompUSA, Newegg, Amazon, and B&N. Someone is getting some free hardware tonight..

Re:Obvious

[Anonymous Coward]

You get a cavity.

YES!

[IndependentVik]

Now I can finally log in as this mysterious "Anonymous Coward".

Re:Two minds about it

[citog]

You must live in one of the areas with low internet penetration ... I've had the shit kicked out of me several times just for my /. password

Re:Don't know my own password

[hazem]

I'd have to first find a QWERTY keyboard, sit down, place both hands in the right position on the keys and start typing into a text editor.

I had a hell of a time in France once (I'm a USian). I couldn't log into my e-mail and I kept carefully typing my password many times. After about 15 minutes and a whole lot of profanity, I typed my password in a text editor only to realize that on that keyboard the numbers are shifted and the corresponding punctuation is non-shifted.

I'm sure it was just some fiendish French plot or something.