cfallen 0 Posted October 12, 2012

I'd really love to be able to include a space in a password for more security. Also individually passworded notes/private notes.

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

> I'd really love to be able to include a space in a password for more security. Also individually passworded notes/private notes.

Hi. Welcome to the forums. Does anyone allow spaces, and how would that increase security? My recommendation would be to use random, regularly changed, and long passwords. These are far more effective than a space would be, and they are immediately accessible in the app now.

As for password protecting notes, you can do that on the desktop by selecting a block of text and right clicking to get the option.

cfallen 0 Posted October 12, 2012 Author

Thanks for the reply Grumpy.

Multi word passwords have been shown to defeat brute force password hackers where normal passwords fail. "Spot chases the ball" is a better password than "Alison2012". Most web site/apps allow spaces. After all a space is just another ASCII character, if you don't allow it then the password is easier to crack. Your 'recommendation' is good but does not replace the use of a strong password that includes spaces.

In any case, I am a user of Evernote and the customer is always right ;-)

Give me a good reason why you CAN'T allow spaces.

Re password protecting notes - what desktop? what right-click? I use Android app and web site.

cfallen

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

> Thanks for the reply Grumpy.
>
> Multi word passwords have been shown to defeat brute force password hackers where normal passwords fail. "Spot chases the ball" is a better password than "Alison2012". Most web site/apps allow spaces. After all a space is just another ASCII character, if you don't allow it then the password is easier to crack. Your 'recommendation' is good but does not replace the use of a strong password that includes spaces.
>
> In any case, I am a user of Evernote and the customer is always right ;-)
>
> Give me a good reason why you CAN'T allow spaces.
>
> Re password protecting notes - what desktop? what right-click? I use Android app and web site.
>
> cfallen

Hi.

(1) Do Spaces Matter?

Maybe spaces are the secret ingredient. I don't know, but I don't see them coming up among discussions by experts. My takeaway from this Ars Technica article (http://arstechnica.com/security/2012/08/passwords-under-assault/) is that we all need long, unique, random, regularly changed passwords. If spaces are not going to help much, then why should Evernote invest resources into them?

(2) The Customer Isn't Always Right

Sorry. It's just not true, and you can test this yourself by looking at this thread! I don't want Evernote to invest their resources into providing support for spaces. You do. Both of us can't be "right"! But, one of us can be more persuasive. If you have a more persuasive argument to support your case, you are in luck, because developers read these forums and sometimes take up our requests.

(3) Password protection

I don't think the Android and Web clients will encrypt notes (thereby providing protection). Sorry. It would be nice if they did, so we agree there!

Level 5* gazumped 12,213 Posted October 12, 2012

I once read a long, scholarly article (but sadly didn't Evernote it!!) that 'proved' that long passwords with spaces were 1) easier to remember and 2) harder to crack - so hard in fact that thousands or millions of processor years were quoted as being the requirement for a brute-force hack. The root of the argument was "you can never predict where the space might come". I was idly impressed with that, but more taken by the fact that a phrase - like a line from a poem - is a darn sight easier to remember than a long series of random characters. Longer passwords are clearly more protection against brute-force approaches, but Mxyztplk is about as much as I can handle in random-speak.

Then, when trying to explain this to someone else, it occurred to me that brute-force hacks require trying all the alphanumeric characters in every available position - and that a 'space' character is just one more character. So in adding a space, you kick the number of variables up from 62 (a-z, A-Z, 0-9) to 63.

That's a significant improvement, don't get me wrong; but no better than adding $ % & or * - and lots of websites now allow any character in passwords, so you can get 255x255x255... levels of security, and you are getting towards 'age of the Universe' levels of protection.

Having said all of which: as long as the current system is secure, and we have no sign that it is not, I'd rather see shiny new features than have someone spending lots of time polishing the brasswork.

I'm sure the Evernote Powers That Be will take all of this on board when they're considering the next step in their ongoing plan to take over the world - and maybe they already have plans to beef up security. We may never know until the next release!

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

Agreed. The difference between a space and an underscore, from the perspective of a computer, is negligible.

Using a password manager, you can easily manage hundreds of random passwords of any length. For those of you old enough, and fortunate enough to have watched Star Trek the Next Generation, you'll know the value of modulating laser and shield frequencies -- in other words, regularly changing the passwords in a random manner that makes it impossible for your Borg opponents to handle.

I am quite confident that a good hacker (the NSA or another state-funded entity) could break my passwords, but only if they are really determined (long, random, and unique passwords) and quick (regularly changing). I don't think a space will present a significant deterrent to hackers. And, as the article I linked to said, non-random, short passwords are breakable within a few seconds / minutes. In a sense, it doesn't matter what the content of a password is, as long as it is long.

BurgersNFries 2,407 Posted October 12, 2012

> I am quite confident that a good hacker (the NSA or another state-funded entity) could break my passwords, but only if they are really determined (long, random, and unique passwords) and quick (regularly changing). I don't think a space will present a significant deterrent to hackers. And, as the article I linked to said, non-random, short passwords are breakable within a few seconds / minutes. In a sense, it doesn't matter what the content of a password is, as long as it is long.

Agreed. IMO, us "regular folks" who have strong passwords likely have nothing to worry about. Think about it... Unless one has worked for the CIA, has billions of dollars or slept with a President, what draw is there to brute force into our accounts??? As GM has pointed out before (and I agree), often the reason "regular folks" get hacked is because they don't put PINs on their phones/computers or use strong passwords (that are not easily guessed like your dog's name). Once a hacker realizes it's going to take a brute force attack, unless you are an obvious/intentional target (aforementioned CIA employment, financial status or sexual activity), then they are going to move on to the next potential target.

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

> Once a hacker realizes it's going to take a brute force attack, unless you are an obvious/intentional target (aforementioned CIA employment, financial status or sexual activity), then they are going to move on to the next potential target.

"Sexual activity"? Do hackers and governments target you more the more sexually active you are?

BurgersNFries 2,407 Posted October 12, 2012

> Once a hacker realizes it's going to take a brute force attack, unless you are an obvious/intentional target (aforementioned CIA employment, financial status or sexual activity), then they are going to move on to the next potential target.
>
> "Sexual activity"? Do hackers and governments target you more the more sexually active you are?

I don't think it's quantity...rather if you've slept with someone famous. It may increase your chances of getting hacked if you've slept with a lot of famous people...??? I don't know. OTOH, if you've slept with a lot of Hollywood folks, probably not hacker target material, since that's probably already out there in People, Us or one's autobiography. OTOH, if you've slept with someone like a President. Or if you have photos of a naked future Queen of England...you may want to have a really, really, really strong password.

cfallen 0 Posted October 12, 2012 Author

You have it right there GM, longer is better where passwords (and sexual activity?) are concerned. But that's the point. "The Queen of Sheba" is a more memorable phrase than 3v3rn0t31sth3B35t but just as secure - in fact more secure because there are 63 possible characters instead of 62, and, I disagree with you here, it does make a significant difference.

Here's some interesting web content for you:

http://programmers.stackexchange.com/questions/126924/why-do-certain-sites-prevent-spaces-in-passwords
http://www.symantec.com/connect/articles/ten-windows-password-myths
http://stackoverflow.com/questions/632167/should-users-be-allowed-to-entered-a-password-with-a-space-at-the-beginning-or-e

Yes, there are lots of fancy new bells and whistles that we'd love to see in the app, in the end however, it's getting the basics right that makes for the superb experience that we all enjoy.

Level 5* jefito 5,598 Posted October 12, 2012

Personally, I think it's a fair request, but it's just not clear to me that allowing for spaces in passwords is a 'basic', particularly when you can already include punctuation in your password. Your "The Queen of Sheba" vs. "3v3rn0t31sth3B35t" is a bit of a straw personage, since you can just as easily use "The-Queen-of-Sheba" without any loss of security (aside from the extra little bit you get by extending the range of characters to include space characters).

cfallen 0 Posted October 12, 2012 Author

Fair enough jefito! I can't ever forget my EN password after this little conversation so what's the deal... Of the Web/smartphone apps I use only 3 do not accept spaces: Lastfm, Skype and Vodafone. There are many more that do than don't. I just expect EN to conform with what I consider a basic functionality of passwords and make our lives easier (those other apps too!).

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

> You have it right there GM, longer is better where passwords (and sexual activity?) are concerned. But that's the point. "The Queen of Sheba" is a more memorable phrase than 3v3rn0t31sth3B35t but just as secure - in fact more secure because there are 63 possible characters instead of 62, and, I disagree with you here, it does make a significant difference.
>
> Here's some interesting web content for you:
>
> http://programmers.s...es-in-passwords
> http://www.symantec....-password-myths
> http://stackoverflow...-beginning-or-e
>
> Yes, there are lots of fancy new bells and whistles that we'd love to see in the app, in the end however, it's getting the basics right that makes for the superb experience that we all enjoy.

The information feels outdated to me. I could be wrong, but the dictionary hacks and the huge number of password breaches in recent years have allowed hackers to construct much more sophisticated attacks. I haven't heard any expert these days say that memorable passwords are as secure as random ones. It's not just the length, but the random element that makes long passwords so powerful. Again, I think the Ars Technica article explains why.

Level 5 jbenson2 2,149 Posted October 12, 2012

Using this site to analyze the two 18 character passwords
https://www.grc.com/haystack.htm

Important to point out that the site is not a Password Strength measurement. It is a Search Space Calculator.
See the link for the discussion.

The Queen of Sheeba wins by a huge margin over 3v3rn0t31sth3B35t

The Queen of Sheba
3 Uppercase, 12 Lowercase, 0 Digits, 3 symbols
1.73 hundred billion centuries

3v3rn0t31sth3B35t
1 Uppercase, 8 Lowercase, 8 Digits, 0 Symbols
9.55 million centuries

But if Quantum computers are developed, neither version will be safe.

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

> Using this site to analyze the two 18 character passwords
> https://www.grc.com/haystack.htm
>
> Important to point out that the site is not a Password Strength measurement. It is a Search Space Calculator.
> See the link for the discussion.
>
> The Queen of Sheeba wins by a huge margin over 3v3rn0t31sth3B35t
>
> The Queen of Sheba
> 3 Uppercase, 12 Lowercase, 0 Digits, 3 symbols
> 1.73 hundred billion centuries
>
> 3v3rn0t31sth3B35t
> 1 Uppercase, 8 Lowercase, 8 Digits, 0 Symbols
> 9.55 million centuries
>
> But if Quantum computers are developed, neither version will be safe.

I've never quite understood this site. Hackers don't just randomly throw in characters, and all this site does is calculate the size. As long as the content is not random, then it is useless, right? It's not just size that matters, especially if your password is not unique and random. If site X gets hacked, and you are using a similar password, then sites Y and Z become vulnerable. At least, that is how I understand it.

Level 5* jefito 5,598 Posted October 12, 2012

> The Queen of Sheeba wins by a huge margin over 3v3rn0t31sth3B35t

It's a fun game to play, but perhaps open to less than scientifically rigorous results. For one, you're comparing a 19-character password to a 17-character password. So try extending "3v3rn0t31sth3B35t" by two punctuation characters: 3v3rn0t31sth3B35t!!, and it's a winner. You can also replace the spaces in "Queen of Sheeba" with '.' or '-' and get the identical result.

Level 5* GrumpyMonkey 4,320 Posted October 12, 2012

> The Queen of Sheeba wins by a huge margin over 3v3rn0t31sth3B35t
>
> It's a fun game to play, but perhaps open to less than scientifically rigorous results. For one, you're comparing a 19-character password to a 17-character password. So try extending "3v3rn0t31sth3B35t" by two punctuation characters: 3v3rn0t31sth3B35t!!, and it's a winner. You can also replace the spaces in "Queen of Sheeba" with '.' or '-' and get the identical result.

Yeah. I trust Ars Technica on this one. The super secure password of "abcdefghijklmnop1234567890" will supposedly take centuries to crack. LOL.

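The search-space arithmetic the posts above argue over, as an added example that is not part of any post in the thread and is not the GRC calculator's code: it counts every string up to the password's length over the character classes the password draws from. The 33-symbol class (ASCII punctuation plus space), the function names and the caller-supplied guess rate are assumptions of this example.

```python
import string

# Character classes as tallied in the thread (upper, lower, digits, symbols).
# Counting 33 symbols (ASCII punctuation plus space) is this example's assumption.
CLASSES = (
    set(string.ascii_uppercase),
    set(string.ascii_lowercase),
    set(string.digits),
    set(string.punctuation) | {" "},
)

def alphabet_size(password):
    """Size of the alphabet a blind brute force must cover for this password."""
    chars = set(password)
    unknown = chars - set().union(*CLASSES)
    if unknown:
        raise ValueError(f"outside printable ASCII: {sorted(unknown)}")
    return sum(len(c) for c in CLASSES if chars & c)

def search_space(password):
    """Number of candidate strings of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def centuries(space, guesses_per_second):
    """Time to exhaust the space at an assumed, caller-supplied guess rate."""
    return space / guesses_per_second / (100 * 365.25 * 24 * 3600)

def alphabet_gain(old, new, length):
    """Factor gained at a fixed length by widening the alphabet from old to new."""
    return (new / old) ** length

# Passwords quoted in the thread, plus the hyphenated variant suggested there.
SAMPLES = [
    "The Queen of Sheba",
    "The-Queen-of-Sheba",
    "3v3rn0t31sth3B35t",
    "3v3rn0t31sth3B35t!!",
    "abcdefghijklmnop1234567890",
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:30} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.3e}")
    # Widening 62 -> 63 symbols at length 18 versus adding one more character.
    print(f"62->63 at length 18: x{alphabet_gain(62, 63, 18):.2f}; one extra char: x62")
```

The count reflects only length and alphabet, so the sequential sample in the list receives the largest figure of the five even though it is a predictable pattern.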
Archived
This topic is now archived and is closed to further replies.