[Coco] Mystic BBS

Jeff Teunissen deek at d2dc.net
Mon Sep 30 22:44:55 EDT 2019


That's even worse. Having to change your bad password every 90 days to
another bad password (which, in the worst cases, saves the hashes of N
previous passwords to keep you from reusing them) virtually
_guarantees_ that anyone who bothers using it is going to have their
password written down on paper somewhere.

Requiring lots of numbers and other crap like punctuation (which are
not memorable for a human user, but trivial for a computer to
brute-force) reduces security, it doesn't improve it. Requiring
frequent password changes does the same. There's a very good reason
places like Microsoft have changed their guidelines for password
security to avoid such things.

On Mon, Sep 30, 2019 at 6:45 PM phil pt <ptaylor2446 at gmail.com> wrote:
>
> Mystic bbs a much better passwords system then Synchronet BBS and the min
> of charector password is just the recommendation and you can use 3,4,5,6,7
> Caps and what every you want. The users password can be up to 16 chars and
> may be able handle more then 24 chars.
>
> The password policy is set to force the user to change their psswords every
> 90 days. There is much more security feature that is included, but that is
> not public information.
>
> On Mon, Sep 30, 2019 at 4:17 PM Dave Philipsen <dave at davebiz.com> wrote:
>
> > Well said, I agree.
> >
> >
> >
> > > On Sep 30, 2019, at 2:31 PM, RETRO Innovations <go4retro at go4retro.com>
> > wrote:
> > >
> > > On 9/29/2019 7:21 PM, Bill Gunshannon wrote:
> > >>> On 9/29/19 4:51 PM, Jeff Teunissen wrote:
> > >>> Your password requirements are really terrible.
> > >>>
> > >>> "7 characters, 1 capital letter, 3 numbers, 1 symbol" is a very
> > >>> insecure password scheme. It's bad enough that most people will write
> > >>> it down rather than try to remember a password that matches it --
> > >>> while simultaneously being very easy for a computer to guess. It's the
> > >>> opposite of a good password scheme, that being one that a person can
> > >>> memorize easily while being hard to guess.
> > >>>
> > >>> I killed the new user session, it just wasn't worth completing.
> > >>>
> > >> Not to mention that he is using protocols that pass that password
> > >> in the clear.
> > >>
> > >> bill
> > >>
> > >>
> > > Lots of folks put telnet BBSes online like this.  And, many don't have
> > password restriction at all, since password complexity was not always
> > considered on BBS programs back in the day. C'mon folks, don't rain on the
> > parade.  As Sean notes, use a different password than your normal ones for
> > Banks and such, and enjoy a trip down memory lane.
> > >
> > > Jim
> > >
> > > --
> > > RETRO Innovations, Contemporary Gear for Classic Systems
> > > www.go4retro.com
> > > store.go4retro.com
> > >
> > >
> > > --
> > > Coco mailing list
> > > Coco at maltedmedia.com
> > > https://pairlist5.pair.net/mailman/listinfo/coco
> >
> >
> > --
> > Coco mailing list
> > Coco at maltedmedia.com
> > https://pairlist5.pair.net/mailman/listinfo/coco
> >
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> https://pairlist5.pair.net/mailman/listinfo/coco


More information about the Coco mailing list