Website security

September 26. 2018 0 Comments

For quite some we all used to use websites. And one some of these websites are creating accounts and this requires us to use passwords. From technical point of view there is nothing that prevents us using any character that you can type on keyboard including Chinese and Japanese. And the more characters allowed the safer password is. Imaging that password only allows 3-character passwords. For only lower-case English letters there will be 26*26*26 = 17,576 combinations. If upper case letters are also allowed, then you have 52*52*52 = 140,608 combinations and that is 8 times more. But if Chinese characters are also allowed then 50052 * 50052 * 50052 and that is 125,390,405,740,608 combinations.

But as you can imagine most websites are not allowed Chinese characters because they use old systems that doesn’t handle well Unicode characters and that’s understandable. But I don’t understand why some websites that belongs to huge corporations are not allowing to use specials characters like ! or @or # in passwords. These characters are easy to remember, and they increase strength of the password. Moreover, some of them allowed them in the past but then stopped supporting them.

Some websites (like of the banks I’m using) requires digit in use name. For security. And what user will use? You are right, most of them will use year they were born. Does it add anything to security? Well pretty much nothing.

And these days pretty much any website requires you to answer some security questions and it is driving me nuts. What is your favorite move? I have no idea. What is your favorite color? I have no idea. What was you first teacher name. I don’t remember.

And by the way when you answer these questions you should always assume that that website will be accesses by hackers. If you paid attention you will know that for last few years billions of accounts where compromised. And everyone was saying “Don’t use the same password on all websites” but most websites using the same security questions so if someone got access to security questions of some blog then they can get access to your Facebook account or even internet banking. So, I never put real information when I answer these questions. And by the way Big Brother is watching us 😊