Thanks for the heads up.
(SoulStealer9875|ROBLOX-Profile]
@ 13:47, 9 April 2012 (UTC)
- I"m randomly being logged out of ROBLOX.com now. Would this be part of the security update? My password, according to some random thing, will take a few million years to guess using a cracker, and it's different then ROBLOX's, so I think I'll be OK. However, I'm still getting randomly logged out of ROBLOX. :/ - Quenty (talk • April 10)
- Nothing I'm aware of. I'd message [email protected] and see if they know what could cause that.--Gordonrox24 | Talk 17:52, 10 April 2012 (EDT)
"Must have 1 alpha-numeric character "
Do you mean "1 NON-alpha-numeric character"? If not, this point seems unnecessary. NecroBumpist 10:44, 14 April 2012 (EDT)
- oops. Yep sorry about that.--Gordonrox24 | Talk 15:33, 16 April 2012 (EDT)
Password strength is reduced by strict guidelines
While I completely agree with your first two points, I'm not convinced by the wisdom of the last two. More character classes does not imply a stronger password, only a less memorable one. That only encourages people to pick things like password12!. Furthermore, the more precise the restrictions on the password, the easier it is to brute force. Pass phrases are superior.
- I completely agree with you; pass phrases are a lot better than passwords (especially if you use capital letters and punctuation correctly (or even incorrectly), not only words separated by spaces. Just adding commas already make them a lot more complex). However, why would you even want a "strong" password? As long as your password is neither "password", nor "qwerty", nor your username, your password is fine. Brute forcing, you say? Hah! Good luck bruteforcing a password on a website that has captchas. --JulienDethurens 17:40, 16 April 2012 (EDT)
- I understand your concerns. However, we still want the passwords changed, and we would still like them to meet the requirements. --Gordonrox24 | Talk 19:55, 16 April 2012 (EDT)
- I've changed it already. However, really, even a password such as "keyboard" or "wall" would be fine on any website that has captchas and would protect your account just as well as "arx!!52qE?c7X". I'm serious. As soon as a website has captchas, your password is automatically safe unless it is one of the first 15 passwords account stealers would try, AKA: your username, "password", qwerty", 123 and 1234 and some other obvious passwords. If your password isn't one of those, it is literally as safe as "arx!!52qE?c7X"... --JulienDethurens 20:46, 16 April 2012 (EDT)
- I guess changing my wiki password to something with 129 bits of entropy that requires KeePass2 to actually login with was not really worth it... <regret/>
- I've changed it already. However, really, even a password such as "keyboard" or "wall" would be fine on any website that has captchas and would protect your account just as well as "arx!!52qE?c7X". I'm serious. As soon as a website has captchas, your password is automatically safe unless it is one of the first 15 passwords account stealers would try, AKA: your username, "password", qwerty", 123 and 1234 and some other obvious passwords. If your password isn't one of those, it is literally as safe as "arx!!52qE?c7X"... --JulienDethurens 20:46, 16 April 2012 (EDT)
- I understand your concerns. However, we still want the passwords changed, and we would still like them to meet the requirements. --Gordonrox24 | Talk 19:55, 16 April 2012 (EDT)