• CileTheSane@lemmy.ca
      link
      fedilink
      arrow-up
      16
      ·
      9 months ago

      Listing those requirements up front would make things way easier for brute force attackers

      They list all those requirements when you try to create an account. If anyone wants to try to brute force they already have that info.

      • LwL@lemmy.world
        link
        fedilink
        arrow-up
        9
        ·
        9 months ago

        Also, online logins should lock you out temporarily after a few failed attempts anyway, making brute force a complete non issue.

        Also also, if you’re going to try to brute force someones pw, you would just look up the requirements beforehand anyway.

      • Jyek@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        9 months ago

        If you brute force using single iterations of all possible combinations sure. But people don’t do that. They use fully readable passwords and letter substitutions. This makes dictionary attacks viable. There are a known number of readable words and phonetic combinations that are significantly easier to brute force. And also the vast majority of numbers are also guessable because most numbers are dates. Series of 2 or 4 or 8 numbers to form important dates means there are lots of numbers between 1940-2024. People don’t usually unconditionally random alphanumeric passwords. Therefore peoples passwords will never be fully secure against sufficiently advanced brute force methods.

        • masterofn001@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          9 months ago

          I originally included the words “assuming random” to the post. Why I removed it? I guess for dramatic effect. You are correct. Permutations of dictionary words are relatively trivial for a decent program. But, increasing the length and the addition of special characters adds a nontrivial exponential increase in time, wouldn’t it?

    • Duamerthrax@lemmy.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      2
      ·
      9 months ago

      Brute Force attacks haven’t been effective for decades. Not since they implemented delays between attempts and times outs/lock outs for too many failed attempts.