Someone explain why this isn't actively stupid?

[digitaldiscipline]

Making my previous post, I was met with this after posting:

"Your password cannot contain symbols such as @,_, (),etc. Your password is too easy to guess. It's recommended that you change it, otherwise you risk having your journal hijacked."

So... LJ wants me to back off to a purely alphanumeric password because my... symbol-containing password is too easy to guess?

What are you people, fucking idiots?

Comments

[ceosanna.livejournal.com]

I wish I could use a long passphrase. My password at work has to be 16 characters long, but it can't contain any words found in the dictionary. Substituting symbols and numbers into a passphrase is brutal, and I mistype my password at least once a day.

[kat1031.livejournal.com]

Wow, that's silly, in two ways.

1. Research has consistently shown over and over again that length is far more important a factor than complexity. thequickbrownfoxjumpedoverthelazydog would take over 1000 years to crack using available tools and a standard computer. A shorter password takes exponentially less, dictionary words or not.

2. If they set a mandatory character length, it tells anyone who knows that exactly what parameter to use to start breaking it.

[hellsop.livejournal.com]

Plus, a 16-character password that can't have any substring exist as any dictionary word is, logistically, all but impossible to maintain separately from all one's OTHER passwords. Ergo, it WILL be written down someplace, and is far MORE likely to be duplicated across systems.