Security Passwords

Section2

Well-known member
Thought this was interesting. We all hate passwords, it's so annoying when your computer makes you change them all the time, and you can't reuse any old ones. It's hard to keep track and remember. I just assumed that this was an organic requirement that companies adopted based on sound research and knowledge. And now I come to find that it was a bureaucrat at the National Institute of Standards and Technology. Uh oh, I'm starting to feel naive for not assuming.

Worse (but predictable), the bureaucrat who came up with this?
"The only problem is that Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize. "

We should really consider having these people take over all our health care decisions.

 

Nokomis

Nothing To Say
I don't really have a comment on your post, but it reminds me of John Mulaney's SNL opening monologue. You can skip ahead to the 5:45 mark if you just want to hear the password/computer bit.

 
Thought this was interesting. We all hate passwords, it's so annoying when your computer makes you change them all the time, and you can't reuse any old ones. It's hard to keep track and remember. I just assumed that this was an organic requirement that companies adopted based on sound research and knowledge. And now I come to find that it was a bureaucrat at the National Institute of Standards and Technology. Uh oh, I'm starting to feel naive for not assuming.

Worse (but predictable), the bureaucrat who came up with this?
"The only problem is that Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize. "

We should really consider having these people take over all our health care decisions.

I'm so thankful that these beaurocrats can make better decisions about my own life than I can. We should do a fun experiment and see how large we can grow our federal government before it collapses down on us!

One thing I don't understand is why some of the largest Trump-bashers are also advocates of a socialist/communist form of government. Why would someone want to give more power to the federal government when they hate and/or fear those in charge of it. After Trump, down the road, it's just going to be someone else.
 

justthefacts

Active member
I'm so thankful that these beaurocrats can make better decisions about my own life than I can. We should do a fun experiment and see how large we can grow our federal government before it collapses down on us!

One thing I don't understand is why some of the largest Trump-bashers are also advocates of a socialist/communist form of government. Why would someone want to give more power to the federal government when they hate and/or fear those in charge of it. After Trump, down the road, it's just going to be someone else.
Did you read the article? The standards were created 16 years ago. Of course, they're no longer relevant. Section2 might has well have said, "Bill Gates was the inventor of a purely text-based operating system, which experts agree is not useful for the average business users, and therefore Microsoft and all private industry are worthless at creating technical innovation. We should really consider having these people take over all our automotive manufacturing. "

In fact, the article goes on to say:



In other words, the very government bureaucracy he rails against for creating outmoded standards is now held up as the example of the best standard, thus demonstrating their value and adaptability.

In fact, it's an indictment of any company that Section2 has worked for or with that they're still using the outdated guidelines, considering the current standards fairly closely mirror those that have been in place for several years now.

The OP couldn't have been worse if it tried.
 

Section2

Well-known member
I'm so thankful that these beaurocrats can make better decisions about my own life than I can. We should do a fun experiment and see how large we can grow our federal government before it collapses down on us!

One thing I don't understand is why some of the largest Trump-bashers are also advocates of a socialist/communist form of government. Why would someone want to give more power to the federal government when they hate and/or fear those in charge of it. After Trump, down the road, it's just going to be someone else.
They want an all powerful government and authoritarian President. They just didn’t think they would ever lose an election again. They are terrified of Trump being in charge.
 

Section2

Well-known member
Did you read the article? The standards were created 16 years ago. Of course, they're no longer relevant. Section2 might has well have said, "Bill Gates was the inventor of a purely text-based operating system, which experts agree is not useful for the average business users, and therefore Microsoft and all private industry are worthless at creating technical innovation. We should really consider having these people take over all our automotive manufacturing. "

In fact, the article goes on to say:



In other words, the very government bureaucracy he rails against for creating outmoded standards is now held up as the example of the best standard, thus demonstrating their value and adaptability.

In fact, it's an indictment of any company that Section2 has worked for or with that they're still using the outdated guidelines, considering the current standards fairly closely mirror those that have been in place for several years now.

The OP couldn't have been worse if it tried.
I would have to dig into it, but there are a hundred ways government can “encourage” companies to adopt the standards they set.
If I thought companies stupidly followed these standards without ANY coercion whatsoever I wouldn’t have posted. Nothing wrong with powerless bureaucrats making recommendations. There aren’t many powerless bureaucrats.
 

justthefacts

Active member
I would have to dig into it, but there are a hundred ways government can “encourage” companies to adopt the standards they set.
If I thought companies stupidly followed these standards without ANY coercion whatsoever I wouldn’t have posted. Nothing wrong with powerless bureaucrats making recommendations. There aren’t many powerless bureaucrats.
Ah, now it's not that the standards are bad, but rather it's government's fault for not encouraging / forcing the companies to apply the new standards. If the standards were so obviously bad, why not use the better ones. There are literally no laws about specific password guidelines
 

Section2

Well-known member
Ah, now it's not that the standards are bad, but rather it's government's fault for not encouraging / forcing the companies to apply the new standards. If the standards were so obviously bad, why not use the better ones. There are literally no laws about specific password guidelines
No no no. The standards for a gigantic national bureaucracy were written by someone who had zero expertise in them. Which were then adopted by the entire country for ~ 2 decades. That is a massive effect and a massive waste of time and energy.
Now they’re encouraging new standards. Super.

Only a naive big government sycophant would think laws are the only way to accomplish control and power. You think it’s a big coincidence that these standards were adopted across the board?
 

Section2

Well-known member
Good news JtF. You can correctly rip Trump for tripling the budget for the fools at this agency. $1B a year they’re borrowing from your grandkids to have idiots tell the country how to set their passwords incorrectly
 

justthefacts

Active member
NIST has been recommending MFA for at least 4 years and yet most systems at most corporations don't require it. You can blame government all you want, but unless these things become laws, which you don't want, corporations have only data breach lawsuits to motivate them


Additionally, no one ever said that the old standards were wrong, per se, they were just too hard for most people to follow. That wasn't really understood until later. Science advanced. Unless there's some evidence that the NIST standard was known to be bad when it was published, which no one has provided

 
Last edited:

Section2

Well-known member
NIST has been recommending MFA for at least 4 years and yet most systems at most corporations don't require it. You can blame government all you want, but unless these things become laws, which you don't want, corporations have only data breach lawsuits to motivate them


Additionally, no one ever said that the old standards were wrong, per se, they were just too hard for most people to follow. That wasn't really understood until later. Science advanced. Unless there's some evidence that the NIST standard was known to be bad when it was published, which no one has provided

I can see you're feeling a little defensive. As you should.
 

GoodasGold

Active member
Thought this was interesting. We all hate passwords, it's so annoying when your computer makes you change them all the time, and you can't reuse any old ones. It's hard to keep track and remember. I just assumed that this was an organic requirement that companies adopted based on sound research and knowledge. And now I come to find that it was a bureaucrat at the National Institute of Standards and Technology. Uh oh, I'm starting to feel naive for not assuming.

Worse (but predictable), the bureaucrat who came up with this?
"The only problem is that Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize. "

We should really consider having these people take over all our health care decisions.

OK boomer
 

justthefacts

Active member
I'm not giving up. You haven't addressed my points.
Yes, I did. You blamed a bureaucrat for sub-par password standards, and I showed you where in your own article it said that at that time there wasn't much research that would have demonstrated there were better methods.

There is exactly ZERO evidence that his standards weren't the best thinking at the time.
 

Cruze

Active member
They want an all powerful government and authoritarian President. They just didn’t think they would ever lose an election again. They are terrified of Trump being in charge.
This is your most stupid post ever (by far). It's a giant and illogical leap to to conclude that progressives, liberals, and socialists who don't want all powerful (and monopolistic) corporations running America are ok with all powerful and authoritarian presidents running America. Particularly, presidents who are elected with less votes than their opponents.

People like me hate all powerful and authoritarian anything (and everything). That's why we love democracy and the U.S. Constitution - and people like you don't. You don't mind taking it up the ass from from the nameless and faceless people who run multi-national corporations that are beyond the control of governments. In truth, you kind of like it.
 
Last edited:

Ogee Oglethorpe

Over Macho Grande?
Section2, you are out of your element. And being owned. Stop.
For the life of me I don't know why anyone bothers to engage with JTF. They are clearly a "last word" type of individual, and will just keep responding and responding and responding until they just wear people down into quitting. And then, "I win!!"
 

justthefacts

Active member
For the life of me I don't know why anyone bothers to engage with JTF. They are clearly a "last word" type of individual, and will just keep responding and responding and responding until they just wear people down into quitting. And then, "I win!!"
I am sorry that my knowledge of information technology intimidates you. Any actual substantive disagreement with anything I've written?
 

Section2

Well-known member
Yes, I did. You blamed a bureaucrat for sub-par password standards, and I showed you where in your own article it said that at that time there wasn't much research that would have demonstrated there were better methods.

There is exactly ZERO evidence that his standards weren't the best thinking at the time.
There wasn’t much research. What exactly is it that we just have $1B a year to this bureaucracy to do? I’ll wait.
Was it to guess what password standards should be and force everyone to adopt that guess? Apparently you think that was a wise choice. And it’s ok since 15 years later they updated them.

He wasn’t an expert. He didn’t know what he was talking about. I don’t need any other evidence. This is indefensible.
 

Section2

Well-known member
This is your most stupid post ever (by far). It's a giant and illogical leap to to conclude that progressives, liberals, and socialists who don't want all powerful (and monopolistic) corporations running America are ok with all powerful and authoritarian presidents running America. Particularly, presidents who are elected with less votes than their opponents.

People like me hate all powerful and authoritarian anything (and everything). That's why we love democracy and the U.S. Constitution - and people like you don't. You don't mind taking it up the ass from from the nameless and faceless people who run multi-national corporations that are beyond the control of governments. In truth, you kind of like it.
Then why do you love Castro and Chavez so much? You’re a liar. You hate the constitution.
 

justthefacts

Active member
There wasn’t much research. What exactly is it that we just have $1B a year to this bureaucracy to do? I’ll wait.
Was it to guess what password standards should be and force everyone to adopt that guess? Apparently you think that was a wise choice. And it’s ok since 15 years later they updated them.

He wasn’t an expert. He didn’t know what he was talking about. I don’t need any other evidence. This is indefensible.
Again, the article you cited says that the standards were fine as far as actual security goes. The entropy of an 8 character password with random characters was high enough to prevent hacking. It's not like they spent $1B coming up with that standard alone. NIST does a lot of other things.
 

OldBob53

Member
The glaringly stupid thing about passwords is that they don't allow you to see what you've typed -- it shows up as ***********. Like a spy is going to be watching you input your password -- that's just dumb.
 
Top Bottom