Question about the new password rules.

[lohi2]

Annoying. I already had a 11 character password. Now what's being protected here on my account? Nothing but the list of favorite games so I don't have to scroll so much to find them every couple of years when I go looking for new mods. Security should match the value of what's being protected. I use strong passwords where needed, simple ones where it doesn't matter. And no password manager except for a thumb drive and backup that's kept unplugged; cloud storage is unreliable, using third party software that can change at any time is unreliable. My bank password isn't even on the thumb drives but on paper only.

 

i'd still be using this as a guest with no account if you could actually get stuff done that way.

[HeyYou]

Annoying. I already had a 11 character password. Now what's being protected here on my account? Nothing but the list of favorite games so I don't have to scroll so much to find them every couple of years when I go looking for new mods. Security should match the value of what's being protected. I use strong passwords where needed, simple ones where it doesn't matter. And no password manager except for a thumb drive and backup that's kept unplugged; cloud storage is unreliable, using third party software that can change at any time is unreliable. My bank password isn't even on the thumb drives but on paper only.

 

i'd still be using this as a guest with no account if you could actually get stuff done that way.

Trouble is, password criteria isn't set on a per-user basis. So, if even ONE person had the need to the VERY strong password, then everyone else would be required to do so as well. Here, we have quite a few folks that actually need the strong passwords. Mod authors. So, everyone gets to have one.

[Mauzeraut]

Annoying. Larger passwords don't stop keyloggers and decrease password differentiation in lay users. Password managers have limitations, particularly for mobility,and require setup that most users won't go through.

If you're that concerned about security, start implementing two-factor authentication and/or an authenticator app for people who make financial transactions with the Nexus. For most people that just use it to keep a list (which for some stupid reason you can't do with an anonymous guest account), that means you're forcing them to use a "serious" password over their Space Balls Special ('1-2-3-4-5') on a game site that might lose it, so when they invariably change their dicey porn site password to a unified one, they'll lose your code long with their bank account code, even if its a 55-character alt-code ASCII mess.

I've been using pass phrases to keep ahead of the curve on this, but that's not common practice, and strict alphanumerics requiring bizarre symbols and various other security theater acts make it harder for me to actually secure my account, but I'm trying real hard, Ringo.

 

 

[guyguyga]

The thing that's most annoying are those "special/uppercase characters." That makes it harder to remember, and it doesn't stop most bots. It's been mathematically proven that special characters are useless, worthless, time-wasting trash, especially compared to an easier to remember, but longer password.

 

The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time (gizmodo.com)

 

Research has been done time and time again, and every site still adopts these anti-consumer rules for whatever reason.

[Guest deleted34304850]

The thing that's most annoying are those "special/uppercase characters." That makes it harder to remember, and it doesn't stop most bots. It's been mathematically proven that special characters are useless, worthless, time-wasting trash, especially compared to an easier to remember, but longer password.

 

The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time (gizmodo.com)

 

Research has been done time and time again, and every site still adopts these anti-consumer rules for whatever reason.

Can you point me to that "research"? thing is, i do this for a living and what you posted is ... well, crap, basically.