Someone explain why this isn't actively stupid?

[digitaldiscipline]

Making my previous post, I was met with this after posting:

"Your password cannot contain symbols such as @,_, (),etc. Your password is too easy to guess. It's recommended that you change it, otherwise you risk having your journal hijacked."

So... LJ wants me to back off to a purely alphanumeric password because my... symbol-containing password is too easy to guess?

What are you people, fucking idiots?

Comments

[i-renovated.livejournal.com]

Yep, I've had that before and had to change. Dipshits.

[kat1031.livejournal.com]

Using symbols, not just letters doesn't really make a more secure password. p@ssword is not more secure than password. Brute force tools make the common substitutions easily and it doesn't increase the time to force the password.

If LJ really cared about security, they'd encourage users to use very long passphrases, rather than 6-8 char passwords.

[ceosanna.livejournal.com]

I wish I could use a long passphrase. My password at work has to be 16 characters long, but it can't contain any words found in the dictionary. Substituting symbols and numbers into a passphrase is brutal, and I mistype my password at least once a day.

[kat1031.livejournal.com]

Wow, that's silly, in two ways.

1. Research has consistently shown over and over again that length is far more important a factor than complexity. thequickbrownfoxjumpedoverthelazydog would take over 1000 years to crack using available tools and a standard computer. A shorter password takes exponentially less, dictionary words or not.

2. If they set a mandatory character length, it tells anyone who knows that exactly what parameter to use to start breaking it.

[hellsop.livejournal.com]

Plus, a 16-character password that can't have any substring exist as any dictionary word is, logistically, all but impossible to maintain separately from all one's OTHER passwords. Ergo, it WILL be written down someplace, and is far MORE likely to be duplicated across systems.

[lil-m-moses.livejournal.com]

I've been ignoring that warning for years on my other account to no ill effect, but have started getting it on this one in the last couple of days, but only on the home machine on which I stay logged in, not at work, where I log in daily.

[depotmode.livejournal.com]

I have a purely alphanumeric password and I'm getting the same message. I think it went into effect at the same time the new friends layout did. Which is also a big fat fail.

[ldybastet.livejournal.com]

I've found out (through reading some 2000 comments regarding the upcoming downgrade of the flist reading page) that this is actually a bug and a ticket has been filed. :D (But they're ignoring hundreds of users reporting the glaring whitespace of the new flist page is giving them migraines, of course. Good old LJ.)

[clevermanka.livejournal.com]

I'm getting this error, and my password is pretty damn good. I used to work IT. I know how to make passwords, and my password conforms to all the things they say it should. So...yeah. Whatev.

Glad to hear the message is a bug.

Edit: Also, my current password does contain a symbol, so I don't know what the fuck they're smoking saying it can't, now.