Is it better to Auto-Genarate your New Member's User/Password? - GoFuckYourself.com

RyuLion · 04-20-2009, 01:52 PM

Please vote.

The advantage of auto-gen is, its a strong password vs. they usually choose a easy one which gets hacked.

MaDalton · 04-20-2009, 01:53 PM

yes

45678

psili · 04-20-2009, 02:02 PM

I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me.

Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?

RyuLion · 04-20-2009, 02:04 PM

Quote:

Originally Posted by psili

I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me.

Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?

right from the horses mouth! nice!

MaDalton · 04-20-2009, 02:07 PM

Quote:

Originally Posted by psili

I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me.

Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?

since people tend to use the same passwords everywhere only one security breach on one site can compromise all other sites where that person signed up. it's pretty common to try out existing user/pass combinations.
does not prevent posting of user/pass somewhere, but decreases the chances of password hacks

jmk · 04-20-2009, 02:20 PM

Technically yes, practically no

INDY500DRIVER · 04-20-2009, 02:21 PM

You could let them generate the password themselves and then auto-expire every 30 days to protect from content theivin...

Manowar · 04-20-2009, 02:27 PM

Quote:

Originally Posted by INDY500DRIVER

You could let them generate the password themselves and then auto-expire every 30 days to protect from content theivin...

would increase support tickets of people wondering why their pass doesnt work

Kellie · 04-20-2009, 02:45 PM

Auto Gen

psili · 04-20-2009, 02:56 PM

Quote:

Originally Posted by MaDalton

since people tend to use the same passwords everywhere only one security breach on one site can compromise all other sites where that person signed up. it's pretty common to try out existing user/pass combinations.
does not prevent posting of user/pass somewhere, but decreases the chances of password hacks

That's a very good point.

Then again, what is one trying to protect: user stupidity or content of a site the user joins up with? As we all know, "security is a myth". Does one make the user jump through hoops to join, or just let the user in. One can even implement a solution that keeps track of logged in accounts and denies subsequent logins from the same account if a threshold is met. Then you run into dumb users sharing their logins and not realizing they were stupid and you have a help desk issue as Manowar pointed out.

I've got no answers. I just hate auto-generated passes.

CIVMatt · 04-20-2009, 02:59 PM

I just hate auto-generated passes when I'm the one getting them

stickyfingerz · 04-20-2009, 03:03 PM

I wish we didn't have to auto generate as I hate it too, but honestly people pick fucking retarded user / pass combo. Just stupid. lol

BobG · 04-20-2009, 03:09 PM

auto gen with RoboForm or 1Password(mac). That way all your passwords are different but you have 1 master to access/fill

BlackElf · 04-20-2009, 11:40 PM

Quote:

Originally Posted by psili

..
Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?

It is different since "fuck" will be more likely to be included in a brute force attack on a site
on the other hand "asd%$#908sd!!" is unlikely to be on a brute force attack.

After Shock Media · 04-20-2009, 11:58 PM

Quote:

Originally Posted by BlackElf

It is different since "fuck" will be more likely to be included in a brute force attack on a site
on the other hand "asd%$#908sd!!" is unlikely to be on a brute force attack.

About sums it up.
Makes it harder for brute shit, and for username/passwords being compromised at one site and then the person gets nailed everywhere else on top of it for using the same ones.

Just remind the people to click the save log in detail box or whatever.

Bashcab · 04-21-2009, 12:15 AM

Quote:

Originally Posted by BobG

auto gen with RoboForm or 1Password(mac). That way all your passwords are different but you have 1 master to access/fill

Roboform

XR2 · 04-21-2009, 05:10 AM

Depends on the type of site, e.g a dating site, allow users to enter thier own, as getting onto the site is part of the sales funnel, and you don't want to loose a customer when they can't remember a pass and thier email is bolloxed. For a paysite, I would autogen to ensure that its strong.

papagmp · 04-21-2009, 07:15 AM

Quote:

Originally Posted by stickyfingerz

I wish we didn't have to auto generate as I hate it too, but honestly people pick fucking retarded user / pass combo. Just stupid. lol

Isn't that the truth - we went to auto generated passwords about two years ago - we get the occasional help desk request for a lost password but it hasn't been a real problem.

sortie · 04-21-2009, 07:25 AM

Quote:

Originally Posted by RyuLion

Please vote.

The advantage of auto-gen is, its a strong password vs. they usually choose a easy one which gets hacked.

Gen is best to get a strong pass word but you can also require a 8 character pass word
and this increases the pass word strength.

However when the user creates the pass word the pass word traders can sometimes
be spotted right away by the pass word they chose.

When a join comes in and the pass word is "123456" I just immediately delete the
user and issue a refund. It's going to chargeback/bounce anyway so just kill the account
before that happens.

I wouldn't catch those if I generate the password myself.

RyuLion · 04-21-2009, 07:44 AM

Quote:

Originally Posted by sortie

Gen is best to get a strong pass word but you can also require a 8 character pass word
and this increases the pass word strength.

However when the user creates the pass word the pass word traders can sometimes
be spotted right away by the pass word they chose.

When a join comes in and the pass word is "123456" I just immediately delete the
user and issue a refund. It's going to chargeback/bounce anyway so just kill the account
before that happens.

I wouldn't catch those if I generate the password myself.

Wow! this is a good one!

raymor · 04-21-2009, 02:18 PM

Letting users choose their own passwords sucks because so many choose "password"
for their password, or something equally as easy to guess. A great many will choose
a dictionary word or a variation on a dictionary word, such as adding a single digit to
the end, so that's easy for the bad guys to guess.

Typical auto generated passwords suck because "Ad%O$#908sD^!" is very hard to
remember and easy to mistype. We found another approach which doesn't suck, and
we made a free online tool for anyone who wants to use it. We generate passwords which
LOOK like English words, so they are very easy to type and aren't too hard to remember.
They are NOT actually words, though, so they won't be in the cracker's dictionary.
Examples are frucspin and relitemer . The free tool to generate these can be found at:
http://www.bettercgi.com/strongbox/passgen/

TeenCat · 04-21-2009, 02:34 PM

its not about random or not random if you use protection as strongbox. random passes are good for sites that cannot afford sb, pennywize or some ip blocking software ... but users dont like it ... even if you have hole in system and their random passes are "hacked" ... its not about random or not ...

NaughtyRob · 04-21-2009, 02:36 PM

Autogenerate with random is the best as well as using Proxypass.

RyuLion · 04-21-2009, 04:07 PM

keep the votes coming!

View Poll Results: Is it better to Auto-Genarate your New Member's User/Password?
Yes	10	58.82%
No	7	41.18%
Voters: 17. You may not vote on this poll

04-20-2009, 01:52 PM	#1
RyuLion ClubDomCash.com Industry Role: Join Date: Mar 2003 Location: San Diego Posts: 32,235	Is it better to Auto-Genarate your New Member's User/Password? Please vote. The advantage of auto-gen is, its a strong password vs. they usually choose a easy one which gets hacked. __________________ Adult Biz Consultant A tech head since 1995

04-20-2009, 01:53 PM	#2
MaDalton I am Amazing Content! Industry Role: Join Date: Feb 2004 Posts: 39,828	yes 45678 __________________ AmazingContent.com - providing only the best content and service since 2003 Monetize your content on Veegaz.com - one of Germanies largest VOD sites Got German traffic? We convert it into money for you! Skype: madalton02826 - Email: oltecconsult [at] gmail [dot] com

04-20-2009, 02:02 PM	#3
psili Confirmed User Join Date: Apr 2003 Location: Loveland, CO Posts: 5,526	I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me. Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper? __________________ Your post count means nothing.

04-20-2009, 02:21 PM	#7
INDY500DRIVER Confirmed User Join Date: Apr 2008 Location: Always "Travelin Light" Posts: 622	You could let them generate the password themselves and then auto-expire every 30 days to protect from content theivin... __________________ http://mega.co.nz

04-20-2009, 02:20 PM	#6
jmk Confirmed User Industry Role: Join Date: Sep 2002 Posts: 5,391	Technically yes, practically no

04-20-2009, 02:45 PM	#9
Kellie Cherry Pimps Industry Role: Join Date: Aug 2005 Location: Arizona Posts: 1,198	Auto Gen __________________ Traffic Pimps Webmaster / Content Manager Email: [email protected] Skype: kellie_az ICQ: 216375050

04-20-2009, 02:59 PM	#11
CIVMatt Amateur Pimpin Industry Role: Join Date: Aug 2004 Location: Orlando, FL Posts: 13,075	I just hate auto-generated passes when I'm the one getting them __________________ Make easy money with Webcams

04-20-2009, 03:03 PM	#12
stickyfingerz Doin fine Industry Role: Join Date: Oct 2005 Posts: 24,983	I wish we didn't have to auto generate as I hate it too, but honestly people pick fucking retarded user / pass combo. Just stupid. lol

04-20-2009, 03:09 PM	#13
BobG Confirmed User Join Date: Nov 2003 Location: San Diego Posts: 4,274	auto gen with RoboForm or 1Password(mac). That way all your passwords are different but you have 1 master to access/fill

04-21-2009, 05:10 AM	#17
XR2 Registered User Join Date: Apr 2009 Location: London(UK) Posts: 38	Depends on the type of site, e.g a dating site, allow users to enter thier own, as getting onto the site is part of the sales funnel, and you don't want to loose a customer when they can't remember a pass and thier email is bolloxed. For a paysite, I would autogen to ensure that its strong.

04-21-2009, 02:18 PM	#21
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	Letting users choose their own passwords sucks because so many choose "password" for their password, or something equally as easy to guess. A great many will choose a dictionary word or a variation on a dictionary word, such as adding a single digit to the end, so that's easy for the bad guys to guess. Typical auto generated passwords suck because "Ad%O$#908sD^!" is very hard to remember and easy to mistype. We found another approach which doesn't suck, and we made a free online tool for anyone who wants to use it. We generate passwords which LOOK like English words, so they are very easy to type and aren't too hard to remember. They are NOT actually words, though, so they won't be in the cracker's dictionary. Examples are frucspin and relitemer . The free tool to generate these can be found at: http://www.bettercgi.com/strongbox/passgen/ __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

04-21-2009, 02:34 PM	#22
TeenCat Too lazy to set a koala Industry Role: Join Date: Jan 2007 Location: CZ/EU forever! Posts: 16,139	its not about random or not random if you use protection as strongbox. random passes are good for sites that cannot afford sb, pennywize or some ip blocking software ... but users dont like it ... even if you have hole in system and their random passes are "hacked" ... its not about random or not ... __________________ 6bot / Coming again very soon! Svit Zlin Radio 24/7!

04-21-2009, 02:36 PM	#23
NaughtyRob Two fresh affiliate progs Industry Role: Join Date: Nov 2004 Location: Inside teen pussy Posts: 29,602	Autogenerate with random is the best as well as using Proxypass. __________________ [email protected] Skype: 17026955414 Vacares Web Hosting - Protect Your Ass with Included Daily Backups

04-21-2009, 04:07 PM	#24
RyuLion ClubDomCash.com Industry Role: Join Date: Mar 2003 Location: San Diego Posts: 32,235	keep the votes coming! __________________ Adult Biz Consultant A tech head since 1995