
> if we just require long passwords, no other requirement

... then I bet lots of users will choose passwords like "passwordpasswordpassword".



Possibly, but I sure would like some data on this. Theoretically, I could try this out by getting approval from the CIO first and then just checking the hash vs the hash for passwordpasswordpassword and passwordpasswordpasswordpassword as well as any password in the top 100 from the previous leak that was > 16 characters (not sure if there are any). As said, I'd like to get some real data as opposed to stipulations, but obviously it's hard to get this kind of data.


I'd go with passwordpasswordpasswordpassword. Just to be safe.


Great idea. Everyone knows about passwordpasswordpassword.


But does anyone know thisisnotapasswordthisisnotapasswordthisisnotapassword ?

... with all due apologies to PIL.


The wise thing is to allow for and encourage the use of passphrases. Sentences are both easier to remember and harder to guess!


and of course only an alliteratively poetic machinist would think to use "sublimeswarfswirlsslowly"
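An added example, not code from any commenter in this thread: the concern raised above is that a length-only rule accepts "passwordpasswordpassword". The check below runs at password-set time, flags long passwords that are a short unit repeated, and tallies the outcomes so the data asked for can be collected without touching stored hashes. The blocklist contents, the 16-character minimum and all function names are assumptions.

```python
from collections import Counter

# Constructed stand-in for a real blocklist of common or leaked passwords.
COMMON_UNITS = {"password", "qwerty", "letmein", "thisisnotapassword"}
MIN_LENGTH = 16  # assumed policy threshold for a "long password" rule


def smallest_repeating_unit(s: str) -> str:
    """Return the shortest u with s == u * k; returns s itself if none exists."""
    n = len(s)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and s[:size] * (n // size) == s:
            return s[:size]
    return s


def check_password(candidate: str) -> list[str]:
    """Return reason codes for rejecting the candidate; empty means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    folded = candidate.casefold()  # "PasswordPassword" counts as repetition too
    unit = smallest_repeating_unit(folded)
    if unit != folded:
        reasons.append("repeated_unit")
    if unit in COMMON_UNITS:
        reasons.append("blocklisted_unit")
    return reasons


def tally(candidates: list[str]) -> Counter:
    """Count outcomes only; the candidate strings themselves are never stored."""
    counts = Counter()
    for c in candidates:
        reasons = check_password(c)
        counts.update(reasons if reasons else ["accepted"])
    return counts


if __name__ == "__main__":
    # Constructed sample input taken from the passwords quoted in the thread.
    sample = [
        "passwordpasswordpassword",
        "thisisnotapasswordthisisnotapasswordthisisnotapassword",
        "sublimeswarfswirlsslowly",
    ]
    for pw in sample:
        print(pw, check_password(pw) or "accepted")
    print(dict(tally(sample)))
```

A length-only rule accepts all three samples; this check rejects the first two and keeps the passphrase.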



