The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
I once created a really long password using all the allowable characters. When it came time to change it, the new password was rejected because it had too many of the same characters as the previous one. If the sysadmin had not been able to override that rule, I'd never have been able to use that system again.
A study was done a number of years ago regarding password complexity. The finding was that as complexity increases, security is reduced - because people have to write their passwords down in order to remember them, thus completely defeating the security that the demanded complexity affords.
I got you beat though - along with the complexity requirements (at least 16 characters, no more than three consecutive letters or numbers, must include numbers, a mix up upper and lower case letters and special characters, no group of letter can create a word, and every time you change it, it can't be more than 50% similar to one of the last 10 passwords you used), my employer forces a password change every 15 days.
This is done for our time sheet app. I mean seriously - WTF!? My strategy is to simply create a GUID in Visual Studio and submit it until one passes their absurd validation, and then save it in a text file.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
I did that last time, made a screenshot of the form with four(!) questions and answers and saved it in a folder on my desktop.
Couldn't care less if that account got hacked, jokes on the hacker, the customer account is now yours I don't want anything to do with it!
I recall not too long ago, a bank I wanted to use to transfer money to another person demanded I identify myself. A list of ridiculous questions appeared, including a demand that I identify the current address of my ex-wife. We split 30 years ago and I haven't heard (thankfully) since! Morons everywhere, and we let them program computers and vote!
What does dividing a letter by two even mean? As a developer I'd think of its ASCII integer value, but mere mortals wouldn't be asked that question. Its position in the alphabet? For odd-numbered letters, do you then round up, or down?
(Once again, I'm probably overthinking this, and it wasn't the point to your post anyway...)
The problem with these "secret questions" is that the answer isn't always necessarily difficult to answer. Wasn't there a well-publicized case a few years ago of some government official who managed to get some hacker to successfully go through an email password reset procedure, because all of the questions could be googled (like what high school did he go to, or the name of his dog, all of which he had answered at one point or another in various interviews or they were part of his page on Wikipedia...)?
Of course being a "nobody" myself, I don't have to worry about that aspect, but still - when I'm asked these questions for an important site, the answer I provide is as long and complex and non-memorable as the output of a password generator. Which defeats the "easy to answer" purpose of these questions, but I believe those are a bad idea to begin with.
Exactly, pretty impossible to answer the question, right?
Let alone how you would know the name of your great great great great grandson because most people don't live that long
And then there are the assumptions that all those generations will have children, that specific generation will have a boy and he'll have at least two names with the second having at least three letters.
That was kind of my point, those questions are impossible to answer
Funny how you were only wondering about the dividing a letter part though
In the U. S. of A, many financial institution have been using this for some years. Often having as many as five such questions so you could be asked for any one or more of them.
As a rule, I don't give real answers - but rather something deducible from an algorithm (in my head only - hacking that would be a bloody mess - as you French well know).
Why the algorithm? Well - it turns out that all of these places are now accumulating even more personal information about you that only you should know. Even more candy for that inevitable day they get hacked.
My (US) government run sites validate by sending me a key via email - so someone needs to know where I get their email. On one site, passwords are entered via mouse on a little online keyboard - so it cannot be key-logged (they change the references every time).
You don't have to give a "true" answer to the security questions. You just have to give an answer you remember. When does your drivers license expire? On your birthday in 2028. What's your electric company's account number? 12345. And the best way to keep it all straight - a password manager program like KeePass.
Last Visit: 18-Sep-20 14:41 Last Update: 18-Sep-20 14:41