Is it better to Auto-Genarate your New Member's User/Password?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • RyuLion
    • Mar 2003
    • 32364

    #1

    Is it better to Auto-Genarate your New Member's User/Password?

    Please vote.

    The advantage of auto-gen is, its a strong password vs. they usually choose a easy one which gets hacked.
    17
    Yes
    0%
    10
    No
    0%
    7

    Adult Biz Consultant A tech head since 1995
    Affiliate Support: Chaturbate | CCBill Live
  • MaDalton
    I am Amazing Content!
    • Feb 2004
    • 39861

    #2
    yes

    45678
    AmazingContent.com - providing only the best content and service since 2003
    Monetize your content on Veegaz.com - one of Germanies largest VOD sites
    Got German traffic? We convert it into money for you!
    Email: oltecconsult [at] gmail [dot] com

    Comment

    • psili
      Confirmed User
      • Apr 2003
      • 5526

      #3
      I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me.

      Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?
      Your post count means nothing.

      Comment

      • RyuLion
        • Mar 2003
        • 32364

        #4
        Originally posted by psili
        I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me.

        Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?
        right from the horses mouth! nice!

        Adult Biz Consultant A tech head since 1995
        Affiliate Support: Chaturbate | CCBill Live

        Comment

        • MaDalton
          I am Amazing Content!
          • Feb 2004
          • 39861

          #5
          Originally posted by psili
          I hate auto-generated passwords... just more crap I have to hunt down and change. If a site auto generates my pass, and also requires an email confirmation link I need to click, I hate the site. Email confirmation is one thing, but I can't see how auto-generating something I should create myself; my login credentials, regardless of how retarded they may be, should be left up to me.

          Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?
          since people tend to use the same passwords everywhere only one security breach on one site can compromise all other sites where that person signed up. it's pretty common to try out existing user/pass combinations.
          does not prevent posting of user/pass somewhere, but decreases the chances of password hacks
          AmazingContent.com - providing only the best content and service since 2003
          Monetize your content on Veegaz.com - one of Germanies largest VOD sites
          Got German traffic? We convert it into money for you!
          Email: oltecconsult [at] gmail [dot] com

          Comment

          • jmk
            Confirmed User
            • Sep 2002
            • 5391

            #6
            Technically yes, practically no

            Comment

            • INDY500DRIVER
              Confirmed User
              • Apr 2008
              • 622

              #7
              You could let them generate the password themselves and then auto-expire every 30 days to protect from content theivin...
              http://mega.co.nz

              Comment

              • Manowar
                jellyfish  
                • Dec 2003
                • 71528

                #8
                Originally posted by INDY500DRIVER
                You could let them generate the password themselves and then auto-expire every 30 days to protect from content theivin...
                would increase support tickets of people wondering why their pass doesnt work

                Comment

                • Kellie
                  Cherry Pimps
                  • Aug 2005
                  • 1198

                  #9
                  Auto Gen


                  Traffic Pimps Webmaster / Content Manager
                  Email: [email protected]
                  Skype: kellie_az
                  ICQ: 216375050

                  Comment

                  • psili
                    Confirmed User
                    • Apr 2003
                    • 5526

                    #10
                    Originally posted by MaDalton
                    since people tend to use the same passwords everywhere only one security breach on one site can compromise all other sites where that person signed up. it's pretty common to try out existing user/pass combinations.
                    does not prevent posting of user/pass somewhere, but decreases the chances of password hacks
                    That's a very good point.

                    Then again, what is one trying to protect: user stupidity or content of a site the user joins up with? As we all know, "security is a myth". Does one make the user jump through hoops to join, or just let the user in. One can even implement a solution that keeps track of logged in accounts and denies subsequent logins from the same account if a threshold is met. Then you run into dumb users sharing their logins and not realizing they were stupid and you have a help desk issue as Manowar pointed out.

                    I've got no answers. I just hate auto-generated passes.
                    Your post count means nothing.

                    Comment

                    • CIVMatt
                      Amateur Pimpin
                      • Aug 2004
                      • 13075

                      #11
                      I just hate auto-generated passes when I'm the one getting them
                      Make easy money with Webcams

                      Comment

                      • stickyfingerz
                        Doin fine
                        • Oct 2005
                        • 24984

                        #12
                        I wish we didn't have to auto generate as I hate it too, but honestly people pick fucking retarded user / pass combo. Just stupid. lol

                        Comment

                        • BobG
                          Confirmed User
                          • Nov 2003
                          • 4274

                          #13
                          auto gen with RoboForm or 1Password(mac). That way all your passwords are different but you have 1 master to access/fill

                          Comment

                          • BlackElf
                            Confirmed User
                            • Jun 2004
                            • 1171

                            #14
                            Originally posted by psili
                            ..
                            Really, how is "asd%$#908sd!!" as a password different from "fuck" when both can get posted somewhere or pasted into a scraper?
                            It is different since "fuck" will be more likely to be included in a brute force attack on a site
                            on the other hand "asd%$#908sd!!" is unlikely to be on a brute force attack.
                            exhelp AT bibar | DOT | com (please include your ICQ when emailing me)
                            What ppl say about BlackElf

                            Comment

                            • After Shock Media
                              It's coming look busy
                              • Mar 2001
                              • 35299

                              #15
                              Originally posted by BlackElf
                              It is different since "fuck" will be more likely to be included in a brute force attack on a site
                              on the other hand "asd%$#908sd!!" is unlikely to be on a brute force attack.
                              About sums it up.
                              Makes it harder for brute shit, and for username/passwords being compromised at one site and then the person gets nailed everywhere else on top of it for using the same ones.

                              Just remind the people to click the save log in detail box or whatever.

                              [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

                              Comment

                              • Bashcab
                                Confirmed User
                                • Oct 2008
                                • 770

                                #16
                                Originally posted by BobG
                                auto gen with RoboForm or 1Password(mac). That way all your passwords are different but you have 1 master to access/fill
                                Roboform





                                Comment

                                • XR2
                                  Registered User
                                  • Apr 2009
                                  • 38

                                  #17
                                  Depends on the type of site, e.g a dating site, allow users to enter thier own, as getting onto the site is part of the sales funnel, and you don't want to loose a customer when they can't remember a pass and thier email is bolloxed. For a paysite, I would autogen to ensure that its strong.

                                  Comment

                                  • papagmp
                                    Confirmed User
                                    • Mar 2008
                                    • 618

                                    #18
                                    Originally posted by stickyfingerz
                                    I wish we didn't have to auto generate as I hate it too, but honestly people pick fucking retarded user / pass combo. Just stupid. lol
                                    Isn't that the truth - we went to auto generated passwords about two years ago - we get the occasional help desk request for a lost password but it hasn't been a real problem.
                                    Real Amateur Porn, Amateur Teens, Sister Porn......
                                    www.gmpcash.com

                                    Comment

                                    • sortie
                                      Confirmed User
                                      • Mar 2007
                                      • 7771

                                      #19
                                      Originally posted by RyuLion
                                      Please vote.

                                      The advantage of auto-gen is, its a strong password vs. they usually choose a easy one which gets hacked.
                                      Gen is best to get a strong pass word but you can also require a 8 character pass word
                                      and this increases the pass word strength.

                                      However when the user creates the pass word the pass word traders can sometimes
                                      be spotted right away by the pass word they chose.

                                      When a join comes in and the pass word is "123456" I just immediately delete the
                                      user and issue a refund. It's going to chargeback/bounce anyway so just kill the account
                                      before that happens.

                                      I wouldn't catch those if I generate the password myself.

                                      Comment

                                      • RyuLion
                                        • Mar 2003
                                        • 32364

                                        #20
                                        Originally posted by sortie
                                        Gen is best to get a strong pass word but you can also require a 8 character pass word
                                        and this increases the pass word strength.

                                        However when the user creates the pass word the pass word traders can sometimes
                                        be spotted right away by the pass word they chose.

                                        When a join comes in and the pass word is "123456" I just immediately delete the
                                        user and issue a refund. It's going to chargeback/bounce anyway so just kill the account
                                        before that happens.

                                        I wouldn't catch those if I generate the password myself.
                                        Wow! this is a good one!

                                        Adult Biz Consultant A tech head since 1995
                                        Affiliate Support: Chaturbate | CCBill Live

                                        Comment

                                        • raymor
                                          Confirmed User
                                          • Oct 2002
                                          • 3745

                                          #21
                                          Letting users choose their own passwords sucks because so many choose "password"
                                          for their password, or something equally as easy to guess. A great many will choose
                                          a dictionary word or a variation on a dictionary word, such as adding a single digit to
                                          the end, so that's easy for the bad guys to guess.

                                          Typical auto generated passwords suck because "Ad%O$#908sD^!" is very hard to
                                          remember and easy to mistype. We found another approach which doesn't suck, and
                                          we made a free online tool for anyone who wants to use it. We generate passwords which
                                          LOOK like English words, so they are very easy to type and aren't too hard to remember.
                                          They are NOT actually words, though, so they won't be in the cracker's dictionary.
                                          Examples are frucspin and relitemer . The free tool to generate these can be found at:
                                          http://www.bettercgi.com/strongbox/passgen/
                                          For historical display only. This information is not current:
                                          support@bettercgi.com ICQ 7208627
                                          Strongbox - The next generation in site security
                                          Throttlebox - The next generation in bandwidth control
                                          Clonebox - Backup and disaster recovery on steroids

                                          Comment

                                          • TeenCat
                                            Too lazy to set a koala
                                            • Jan 2007
                                            • 16131

                                            #22
                                            its not about random or not random if you use protection as strongbox. random passes are good for sites that cannot afford sb, pennywize or some ip blocking software ... but users dont like it ... even if you have hole in system and their random passes are "hacked" ... its not about random or not ...

                                            6bot
                                            / Coming again very soon!
                                            Svit Zlin Radio 24/7!

                                            Comment

                                            • NaughtyRob
                                              Two fresh affiliate progs
                                              • Nov 2004
                                              • 29602

                                              #23
                                              Autogenerate with random is the best as well as using Proxypass.
                                              [email protected]
                                              Skype: 17026955414
                                              Vacares Web Hosting - Protect Your Ass with Included Daily Backups

                                              Comment

                                              • RyuLion
                                                • Mar 2003
                                                • 32364

                                                #24
                                                keep the votes coming!

                                                Adult Biz Consultant A tech head since 1995
                                                Affiliate Support: Chaturbate | CCBill Live

                                                Comment

                                                Working...