This Really Annoys Me Pet Peeve Thread

Yakima 728
Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Status
Not open for further replies.
All of these ^ are hard to hack, but easy to remember if you recall the phrase and adopt a coding rule.

I have a pretty long password that I never forget and rarely type wrong.

I also use, Lastpass
 
Here's another;

Donald Trump likes to watch Russian whores piss on mattresses. Jan 20th 2017

DoTrLiToWaRuWhPiOnM@012017
 
Those are all terrible passwords.

My pet peeve is dumb password rules. It has to have an uppercase, a lowercase, a number, a symbol, can't contain any words that are in the dictionary, can't include the same letter back-to-back... It's focusing on the wrong thing.

You were close, when you suggested:

Schlenkerla said:
You can also do "person, place, thing, and date"..... password

For example;

Michael Jordan, Chicago, b@sketball 1984
Click to expand...

I like the "person, place, thing, and date" idea, but no need to abbreviate or substitute in weird characters. "MiJoChB@1984" is both far less secure and much harder to remember than simply "MichaelJordanChicagoBasketball1984."

Length is far more important than complexity. See this XKCD comic for an illustration:

password_strength.png
 
How about this rule? Your password must be at least 8 characters long. If it's less than 14 characters long, then all those dumb rules can still apply. But if it's 14 characters or longer, the rules get much more lenient, basically just preventing me from using a password of "aaaaaaaaaaaaaaaaaaaaaaa" or the like. Everything else would be fair game.
 
yes, you know my password

good luck guessing my username

but I'll give you a hint: it ain't GROGNERD
 
Automatic flushing toilets, especially the ones with an overly powerful flush that sprays out of the bowl.

Just got splashed with diarrhea toilet water without warning.
 
Speaking of which, I probably need to change my lastpass password.

Granted, it's not a dictionary word. In fact, it's not even English. And it's misspelled from the original language it's in. And there are special characters and numbers...

But per that xkcd comic, it's still WAY too short.

So although I think it would be impossible for anyone to "guess" my password, it might be too easy for a computer to crack.
 
bwarbiany said:
not a dictionary word. In fact, it's not even English. And it's misspelled from the original language it's in
Click to expand...

lol... like GROGNERD

Etymology

From French grognard (“old soldier”)

Noun

grognard (plural grognards)

  1. An old soldier.
  2. an old veteran soldier; specifically of the grenadiers of the Imperial Guard (Grenadiers à Pied de la Garde Impériale); an old complaining soldier
  3. (games, slang) Someone who enjoys playing board wargames.
  4. (computer games, slang) Inside the computer game development industry, a game fan who will buy every game released in a certain genre of computer game (RTS, or computer role-playing game, etc.)
Click to expand...
 
I don't click on obvious clickbait and if I click on something and it takes another click or more to read, I don't need to read it. **** that clickbait ****.
 
kombat said:
Those are all terrible passwords.

My pet peeve is dumb password rules. It has to have an uppercase, a lowercase, a number, a symbol, can't contain any words that are in the dictionary, can't include the same letter back-to-back... It's focusing on the wrong thing.

You were close, when you suggested:



I like the "person, place, thing, and date" idea, but no need to abbreviate or substitute in weird characters. "MiJoChB@1984" is both far less secure and much harder to remember than simply "MichaelJordanChicagoBasketball1984."

Length is far more important than complexity. See this XKCD comic for an illustration:

password_strength.png
Click to expand...

Why do you think they are terrible? Is it purely on length per your cartoon?

I would think a cryptic phrase would be harder to guess. The first example in the cartoon is one word with substitutions. The second example is four words with 25 characters. The example below is 14 words broken up with 25 characters as well.

Anyhow, it's more of a memory thing for me. Like a phrase you know very well, then convert it into a password. The means to do so is OK if you're consistent.

I have a favorite saying. "A man needs to believe in something, I believe I will have another beer."

AM@NeT0Be1nSoIBeIWiHaAnBe.

How likely is that going to cracked? More importantly I think it's easy to remember. The first letter of every word is capitalized and you only use two letters.

The twist is the special characters.

I used;

The first lower case "a" to be @.

The "o" to change to 0.

The first "i" to change into a 1.
 
BTW - I read about this somewhere on Life Hacker. It's not my idea. I found it to be a simple way to make secure passwords and remember them.
 
Schlenkerla said:
Why do you think they are terrible?
Click to expand...

Schlenkerla said:
Pass phrase: God damn, mother fuker, piece of $hit, fuk you, mother fuker, (forth of July 1976)

Actual Password: GoDaMoFuPiOf$hFuYoMoFu7476
Click to expand...

Length is great, but the phrase from which it is derived is complicated, and you've got a special character ('$') standing in for an 'S'. Are you going to remember that whole phrase? Are you going to remember where you swapped in the weird character? Was it a zero for an 'O'? or a one for an 'L'? Are you going to remember the date format? Was it month/day or day/month? With/without leading 0's? Were there slashes? Also, the continual alternation between upper and lowercase, particularly over such a long string, is going to make it ripe for typos.

Schlenkerla said:
Michael Jordan, Chicago, b@sketball 1984

Password: MiJoChB@1984
Click to expand...

Already dissected earlier, but the main problems are length, weird character, unnecessary abbreviations, and alternating upper/lower case characters.

Schlenkerla said:
Donald Trump likes to watch Russian whores piss on mattresses. Jan 20th 2017

DoTrLiToWaRuWhPiOnM@012017
Click to expand...

Length is great, which makes all the convolution unnecessary. Was it Russian whores or Russian hookers? Was it mattress or bed? Was it "Donald Trump" or just "Trump?" And again, with the unnecessary, out-of-place weird character.

Schlenkerla said:
I would think a cryptic phrase would be harder to guess.
Click to expand...

Right, and that's the problem. Sysadmins are trying to defend us from humans trying to "guess" our passwords. "Don't use your pet's name! Don't use your street name!"

Trouble is, nobody's trying to guess your password. Hackers get a hold of a hashed password file, and leverage networks of load-sharing computers to brute-force your password. They're trying every combination of every possible character. Expanding the pool of potential characters helps some, but not as much as increasing the length. 74^10 (10 character password, using only numbers and upper/lowercase letters) is much bigger than 93^8 (8 character password, all numbers, upper/lowercase letters, punctuation, and common special characters).

They don't do dictionary attacks anymore (well, they might start out with that, since it's trivially fast now), but if they can't find it in their pool of common passwords, they just start going through every combination, getting longer and longer, until they find a match. They can try every combination of 2 characters in milliseconds. Same for 3 characters. 4 characters, they can exhaust the problem space in seconds/minutes. But it takes exponentially longer with each added character.

10 characters should be a bare-minimum length for passwords, but even those can be cracked fairly quickly with sufficient computing power. 14 characters or longer takes so long that hackers will give up and move on to the next one (at least, with current computing power).

So yes, it's primarily the length that matters.

Schlenkerla said:
The first example in the cartoon is one word with substitutions. The second example is four words with 25 characters. The example below is 14 words broken up with 25 characters as well.
Click to expand...

Right. But "CorrectHorseBatteryStaple" is far easier to remember than "AM@NeT0Be1nSoIBeIWiHaAnBe." And your pattern of "Person, Place, Thing and Date" is even better still, in my opinion, because instead of having to remember 4 random words, you can use a particular event that is meaningful to you (i.e., "SchlenkerlaDenverBirthdayJune091980", or an anniversary, your graduation, whatever).

Schlenkerla said:
Anyhow, it's more of a memory thing for me. Like a phrase you know very well, then convert it into a password. The means to do so is OK if you're consistent.
Click to expand...

I do the same thing, but not because it's easy, because my employer's password rules have archaic requirements. Ironically, using the actual phrase itself would be far more secure than the shorter, more convoluted hash I'm forced to derive from it.

Removing the requirement to maintain a "consistent means" of converting a phrase into a password can only make the passwords both easier to remember (i.e., ditch the "means" of conversion altogether) and more secure (because you're using the longer actual phrase, rather than a shortened hash of it).

Schlenkerla said:
I have a favorite saying. "A man needs to believe in something, I believe I will have another beer."

AM@NeT0Be1nSoIBeIWiHaAnBe.

How likely is that going to cracked?
Click to expand...

It's not. It's plenty long. But it's hard to remember. Not the phrase, that's easy (I already remember it), but the weird abbreviations and substitutions you're doing. Ironically, if you ditched the shortening and substitutions, it would be a FAR MORE secure password (wrapped in code tags to keep BBcode from inserting a space):

Code: 
Amanneedstobelieveinsomething,IbelieveIwillhaveanotherbeer.

Heck, you could chop off the second half altogether and it would still be almost as secure as the first one (which, at 26 characters, far exceeds anything crackable with current technology). That is, "Amanneedstobelieveinsomething" is an exceptionally secure password, and much easier to remember and input correctly than your version.

Schlenkerla said:
More importantly I think it's easy to remember.
Click to expand...

The phrase is, yes, for sure. It's the "convolution" rules that are the problem.

Schlenkerla said:
The twist is the special characters.
Click to expand...

That's entirely my point: There doesn't NEED to be a "twist." That's old school password thinking. Humans aren't guessing passwords anymore. We've moved past that. It's computers, throwing every possible combination of every possible character at your password's hash until it gets a match.
 
kombat said:
Length is great, but the phrase from which it is derived is complicated, and you've got a special character ('$') standing in for an 'S'. Are you going to remember that whole phrase? Are you going to remember where you swapped in the weird character? Was it a zero for an 'O'? or a one for an 'L'? Are you going to remember the date format? Was it month/day or day/month? With/without leading 0's? Were there slashes? Also, the continual alternation between upper and lowercase, particularly over such a long string, is going to make it ripe for typos.



Already dissected earlier, but the main problems are length, weird character, unnecessary abbreviations, and alternating upper/lower case characters.



Length is great, which makes all the convolution unnecessary. Was it Russian whores or Russian hookers? Was it mattress or bed? Was it "Donald Trump" or just "Trump?" And again, with the unnecessary, out-of-place weird character.



Right, and that's the problem. Sysadmins are trying to defend us from humans trying to "guess" our passwords. "Don't use your pet's name! Don't use your street name!"

Trouble is, nobody's trying to guess your password. Hackers get a hold of a hashed password file, and leverage networks of load-sharing computers to brute-force your password. They're trying every combination of every possible character. Expanding the pool of potential characters helps some, but not as much as increasing the length. 74^10 (10 character password, using only numbers and upper/lowercase letters) is much bigger than 93^8 (8 character password, all numbers, upper/lowercase letters, punctuation, and common special characters).

They don't do dictionary attacks anymore (well, they might start out with that, since it's trivially fast now), but if they can't find it in their pool of common passwords, they just start going through every combination, getting longer and longer, until they find a match. They can try every combination of 2 characters in milliseconds. Same for 3 characters. 4 characters, they can exhaust the problem space in seconds/minutes. But it takes exponentially longer with each added character.

10 characters should be a bare-minimum length for passwords, but even those can be cracked fairly quickly with sufficient computing power. 14 characters or longer takes so long that hackers will give up and move on to the next one (at least, with current computing power).

So yes, it's primarily the length that matters.



Right. But "CorrectHorseBatteryStaple" is far easier to remember than "AM@NeT0Be1nSoIBeIWiHaAnBe." And your pattern of "Person, Place, Thing and Date" is even better still, in my opinion, because instead of having to remember 4 random words, you can use a particular event that is meaningful to you (i.e., "SchlenkerlaDenverBirthdayJune091980", or an anniversary, your graduation, whatever).



I do the same thing, but not because it's easy, because my employer's password rules have archaic requirements. Ironically, using the actual phrase itself would be far more secure than the shorter, more convoluted hash I'm forced to derive from it.

Removing the requirement to maintain a "consistent means" of converting a phrase into a password can only make the passwords both easier to remember (i.e., ditch the "means" of conversion altogether) and more secure (because you're using the longer actual phrase, rather than a shortened hash of it).



It's not. It's plenty long. But it's hard to remember. Not the phrase, that's easy (I already remember it), but the weird abbreviations and substitutions you're doing. Ironically, if you ditched the shortening and substitutions, it would be a FAR MORE secure password (wrapped in code tags to keep BBcode from inserting a space):

Code: 
Amanneedstobelieveinsomething,IbelieveIwillhaveanotherbeer.

Heck, you could chop off the second half altogether and it would still be almost as secure as the first one (which, at 26 characters, far exceeds anything crackable with current technology). That is, "Amanneedstobelieveinsomething" is an exceptionally secure password, and much easier to remember and input correctly than your version.



The phrase is, yes, for sure. It's the "convolution" rules that are the problem.



That's entirely my point: There doesn't NEED to be a "twist." That's old school password thinking. Humans aren't guessing passwords anymore. We've moved past that. It's computers, throwing every possible combination of every possible character at your password's hash until it gets a match.
Click to expand...

I don't have a problem with memorizing them. Been doing it this way for 5 years on my Linux machine. I have one I use regularly and I have little to no issues with typos (drunk or sober). I usually use the last two vowels as the number substitution.

I will say that my employer has fully encrypted hard drives and requires two factor authentication on every pc. The password strength is less critical now.

On my chromebook and chromebox I have two factor authentication as well. They also have a "smart unlock" feature which uses a bluetooth connection to one's cell phone to unlock or bypass the login. Your cell phone needs to be close by and unlocked. All you have to do is click on the login avatar.
 
Have a new one.

Today some moron brought his dog to a little league game. Then chained the thing to some aluminum bleachers. The dog goes bezerk and barks and jumps every farking time the ball is thrown. I'm like WTF. You couldn't leave it at home?

Luckly they only played 3 innings.
 
So last weekend I rented a gas pressure washer. I waited until after 9:00 to run it in the alley and after 10:00 to run it between my house and the neighbor's house. I need to run my gas chainsaw at my parents' house in a little bit but I'm waiting until at least 9:30 or 10:00 to do it.

As I sit here at 6:25 a.m., some bonehead is mowing the lawn up the street. Sheesh.
 
JonM said:
So last weekend I rented a gas pressure washer. I waited until after 9:00 to run it in the alley and after 10:00 to run it between my house and the neighbor's house. I need to run my gas chainsaw at my parents' house in a little bit but I'm waiting until at least 9:30 or 10:00 to do it.

As I sit here at 6:25 a.m., some bonehead is mowing the lawn up the street. Sheesh.
Click to expand...

I went to rent a gas pressure washer yesterday and they wouldn't let me take it home in my car
 
I feel ashamed at admitting this one. I can't get my goddamn $30 sprinkler to water my garden only and not my house.
 
I'm starting to think if I should just invest in a spike strip.

There's some idiot that drives every day in the morning through our tiny suburbian street at about 60 mph while on his freaking mobile phone, just about when I step out to to walk the dog.....

Not only is it ludicrously fast to drive through a tiny just-and-just 2way street with blind corners, our side of the road doesn't have pavement so a lot of houses just have hedges straight on the road with children living here....
 
Kharnynb said:
I'm starting to think if I should just invest in a spike strip.

There's some idiot that drives every day in the morning through our tiny suburbian street at about 60 mph while on his freaking mobile phone, just about when I step out to to walk the dog.....

Not only is it ludicrously fast to drive through a tiny just-and-just 2way street with blind corners, our side of the road doesn't have pavement so a lot of houses just have hedges straight on the road with children living here....
Click to expand...

got someone on our court like that. can't do 60, not enough street, plus his car is a junker.

he works for a beer distributor and hooks me up with beer. last time was a 12-pack of Founders' All Day IPA.

so, I'm conflicted
 
Kharnynb said:
I'm starting to think if I should just invest in a spike strip.

There's some idiot that drives every day in the morning through our tiny suburbian street at about 60 mph while on his freaking mobile phone, just about when I step out to to walk the dog.....

Not only is it ludicrously fast to drive through a tiny just-and-just 2way street with blind corners, our side of the road doesn't have pavement so a lot of houses just have hedges straight on the road with children living here....
Click to expand...

Call the police. Let them know it's happening. They will eventually set out a trap for that fool. Especially if you know the time it occurs.

I called the police before at my in-laws. There's street parking with only one lane upon for traffic. Some dude was barreling down the street recklessly fast. The next day they were in the cul-de-sac waiting for that fool.

Don't know if they ever busted him. They were waiting there.
 
KayaBrew said:
I feel ashamed at admitting this one. I can't get my goddamn $30 sprinkler to water my garden only and not my house.
Click to expand...

Post a picture of the damn thing.

You can put a cheap ball valve just before the sprinkler to restrict flow.

You can also try kinking the hose to test this.
 
KayaBrew said:
I feel ashamed at admitting this one. I can't get my goddamn $30 sprinkler to water my garden only and not my house.
Click to expand...

Schlenkerla said:
Post a picture of the damn thing.

You can put a cheap ball valve just before the sprinkler to restrict flow.

You can also try kinking the hose to test this.
Click to expand...
What type of sprinker? Oscillating, impulse, or any other adjustable type? Or a "simple" pattern type?

I've got an impact type sprinkler that I can adjust to hit almost all of my trapezoid-shaped yard, and not spray the house or garden shed. Took about an hour of standing there watching it cycle to get it set right, but once it was set, I just have to make sure to set it in the same spot every time and it's golden.
 
People who badger others who won't take a test with too many stupid questions that takes more time than it is worth.
 
Schlenkerla said:
Maybe I missed it, twice it wasn't clear what the test is unless it's a euphemism. My defense is being drunk, dense, and lazy.
Click to expand...

Sorry. It was a very active thread that appears to have been deleted. To participate, there was a questionnaire you had to answer: "The Test". Your response to over 50 questions established you as a poster on the thread. If you did not, you were shunned by the group who had taken/created/added to "The Test".

I posted there a few times, was reminded to take the "The Test", and may have insulted them about their sophomoric exclusionary club when they insisted I take "The Test". I walked away.

I'm sure the thread started with the spirit of good fun. In retrospect, the participants were just updating each other with the mundane details of their daily lives. Not a lot of memorable brew tips were lost when the thread was deleted.
 
Status
Not open for further replies.

Similar threads

Broken Crow
1/4" Swivel-nut > 3mm EVABarrier > 6.35mm Monotight connector > Duotight Shank
Replies
3
Views
612
Broken Crow
Broken Crow
3 Dawg Night
FotHB XIX: Legal to Drink in Canada
2 3
Replies
86
Views
3K
3 Dawg Night
3 Dawg Night
Ashv1
Greetings from Iran! (sorry for the long introduction)
Replies
32
Views
1K
Hoppy2bmerry
Hoppy2bmerry
T
FotHB XVIII: In Memory of @aharri1 [RIP]
2 3 4
Replies
132
Views
7K
RCope
RCope
CallMeKiupid
Kiupid's Mead Guide for Beginners (like me)
Replies
3
Views
1K
Barzahl
B

Latest posts

Back
Top