Quote:
Originally Posted by Solitaire1
I think the problem is that the AI that generates the test isn't intelligent enough to test humans.
There also are the proofs that bots can solve CAPTCHAs much faster and much more consistently than humans. But web sites still use them because "we've always done it that way" along with worse-than-useless password rules[1] and password change policies[2].
[1] Rules may increase the strength of an individual password but typically don't: "pa$$w0rd" is no stronger than "password". Rules actually weaken the entire corpus of passwords since an attacker knows, for example, that every password must have at least one number and at least one punctuation character.
[2] Forced password change policies don't work and in fact have the opposite effect: just as rules encourage users to use bad passwords with easily remembered character alternates (! or 1 for i, 0 for o, etc.), change policies encourage the same behavior at the password level: password1, password2, password3, etc.
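The two footnotes above can be checked from the policy side. This is an added example, not part of the original post: it counts how much of the keyspace a "one digit and one punctuation" rule removes, and shows a set-password check that reduces rule-compliant variants to their base word. The 94-character alphabet, the denylist and the function names are assumptions made for the illustration.

```python
import math
import string

DIGITS = len(string.digits)            # 10
PUNCT = len(string.punctuation)        # 32
ALPHABET = 52 + DIGITS + PUNCT         # 94 printable non-space ASCII (assumed)

def keyspace_bits(length, require_digit_and_punct):
    """log2 of the number of passwords of this length the policy allows."""
    total = ALPHABET ** length
    if require_digit_and_punct:
        # Inclusion-exclusion: drop strings lacking a digit or lacking punctuation.
        total -= (ALPHABET - DIGITS) ** length
        total -= (ALPHABET - PUNCT) ** length
        total += (ALPHABET - DIGITS - PUNCT) ** length
    return math.log2(total)

# Substitutions named in the post: $ for s, 0 for o, ! or 1 for i.
ALTERNATES = str.maketrans({"$": "s", "0": "o", "1": "i", "!": "i"})
DENYLIST = {"password", "letmein", "qwerty"}   # constructed sample list

def base_word(password):
    """Strip a trailing counter/punctuation run, then undo the alternates."""
    trimmed = password.lower().rstrip(string.digits + string.punctuation)
    return trimmed.translate(ALTERNATES)

def is_trivial_variant(password):
    """True if the password is a denylisted word dressed up to pass the rules."""
    return base_word(password) in DENYLIST

def is_rotation(old, new):
    """True if a forced change only altered the suffix (password1 -> password2).
    Usable at change time, when the user supplies the current password."""
    return base_word(old) == base_word(new)

if __name__ == "__main__":
    lost = keyspace_bits(8, False) - keyspace_bits(8, True)
    print(f"8 chars: rule removes {lost:.2f} bits of keyspace")
    for pw in ("pa$$w0rd", "password3", "correct horse battery staple"):
        print(f"{pw!r}: trivial variant = {is_trivial_variant(pw)}")
    print("password1 -> password2 is a rotation:", is_rotation("password1", "password2"))
```
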