littlemermaid852
Scratcher
4 posts

Verifying password strength before creating a new account and raising minimum password length to 8 or 9

First, I would recommend choosing something you love so that it is easy to remember but still make sure that it is more than 8 characters long
E.G: Doubledohnut5959_xX
HELPFUL TIP: Make it complicated because that makes it more secure but make sure you either write it down or put so you remember it.


when green flag clicked
say [Keeping your password secure!]
NilsTheBest
Scratcher
1000+ posts


ResExsention wrote:

Lol. I have four passwords between 12 and 30 characters long, and I don't forget them, and I use the KeePass manager to generate random passwords for more critical accounts. It's the younger users of Scratch that concern me and lost accounts. Then they would have to go through the hassle of getting their account back, over a “no passwords less than 8 chars” rule.

There is currently a 6 character limit password. I don't think raising that one small limit by one or two would affect anyone. And again, you don't lose your account, you have an option to change your password via e-mail if you forgot your pass.

NilsTheChair | 5 years on Scratch | 4000+ posts | former wiki editor | 332nd FPC | CoR founder
NilsTheBest
Scratcher
1000+ posts


littlemermaid852 wrote:

First, I would recommend choosing something you love so that it is easy to remember but still make sure that it is more than 8 characters long
E.G: Doubledohnut5959_xX
HELPFUL TIP: Make it complicated because that makes it more secure but make sure you either write it down or put so you remember it.

Complexity does not make it more secure, length does. Complexity and randomness just make it harder for humans to crack a password, but not for computers. Plus, the more complicated your password is, the less likely you are to remember it. xkcd illustrates it pretty well. “yeet lamp IKEA chair” is long, easy to remember, and hard for computers to crack (practically impossible - 93 bits of entropy), whereas “pL@t!Pu5” is the complete opposite.

ResExsention
New to Scratch
1000+ posts


littlemermaid852 wrote:

First, I would recommend choosing something you love so that it is easy to remember but still make sure that it is more than 8 characters long
E.G: Doubledohnut5959_xX
HELPFUL TIP: Make it complicated because that makes it more secure but make sure you either write it down or put so you remember it.


when green flag clicked
say [Keeping your password secure!]

I appreciate your tips, however I do have quite a few long passwords that just won't get out of my head. They are quite random, too, and are literally just a long string of numbers and letters that have no pattern whatsoever and sometimes symbols (they would take forever for a human to crack), but thanks for the tips.

NilsTheBest wrote:

littlemermaid852 wrote:

First, I would recommend choosing something you love so that it is easy to remember but still make sure that it is more than 8 characters long
E.G: Doubledohnut5959_xX
HELPFUL TIP: Make it complicated because that makes it more secure but make sure you either write it down or put so you remember it.
Complexity does not make it more secure, length does. Complexity and randomness just make it harder for humans to crack a password, but not for computers. Plus, the more complicated your password is, the less likely you are to remember it. xkcd illustrates it pretty well. “yeet lamp IKEA chair” is long, easy to remember, and hard for computers to crack (practically impossible - 93 bits of entropy), whereas “pL@t!Pu5” is the complete opposite.

Well, no. Complex but short passwords are easily broken by brute force, but long but rather simple passwords can be neutralized by calculated guesses. You should aim for a combination of both of them, including symbols, numbers, letters, and caps on your strongest passwords.

Or remove the hassle and use an open source password manager so you don't get any big companies logging your passwords. I have generated quite a few long, meaningless passwords out of that and retain a master password for myself, which is my strongest so far.

Plus, I never write my passwords down. Maybe I have a good memory or just have some patterns that just won't get out of my head, and build my passwords out of that.

Last edited by ResExsention (May 19, 2019 17:34:56)


Infrequently active.

It feels weird to see how far we've come. I hope you're well, wherever you are!
NilsTheBest
Scratcher
1000+ posts


ResExsention wrote:

Well, no. Complex but short passwords are easily broken by brute force, but long but rather simple passwords can be neutralized by calculated guesses. You should aim for a combination of both of them, including symbols, numbers, letters, and caps on your strongest passwords.

Or remove the hassle and use an open source password manager so you don't get any big companies logging your passwords. I have generated quite a few long, meaningless passwords out of that and retain a master password for myself, which is my strongest so far.

Plus, I never write my passwords down. Maybe I have a good memory or just have some patterns that just won't get out of my head, and build my passwords out of that.

Could you elaborate on “calculated guesses”? I don't see how “yeet lamp IKEA chair” can easily be calculated or found (this isn't my password btw)

imfh
Scratcher
1000+ posts


NilsTheBest wrote:

ResExsention wrote:

Well, no. Complex but short passwords are easily broken by brute force, but long but rather simple passwords can be neutralized by calculated guesses. You should aim for a combination of both of them, including symbols, numbers, letters, and caps on your strongest passwords.

Or remove the hassle and use an open source password manager so you don't get any big companies logging your passwords. I have generated quite a few long, meaningless passwords out of that and retain a master password for myself, which is my strongest so far.

Plus, I never write my passwords down. Maybe I have a good memory or just have some patterns that just won't get out of my head, and build my passwords out of that.
Could you elaborate on “calculated guesses”? I don't see how “yeet lamp IKEA chair” can easily be calculated or found (this isn't my password btw)

While “yeet lamp IKEA chair” is certainly hard to guess from a pure brute force each letter perspective, it is still easier to guess than something like “tN2CnIRH5J82IlKMOTOG” (random.org). Especially if you know a lot about a person, you can use a dictionary lookup to try and guess the password. For example, if my password was “In My Fathers House” then my password would be vulnerable even though the password is pretty long (it's the acronym of my username, lyrics from a song).

Making just a few changes, such as adding some random symbols, omitting/adding spaces, and misspelling words, can make the password much harder to guess: “|n My Father's #ouse 123”. Someone who doesn't know for sure that my username is based on the original sentence is probably not going to spend a lot of time trying the many variations available. Ideally though it should be hard to guess even if they do know what it is based on.

tl;dr Adding a few random variations to an already long but simple password can make it dramatically more difficult to guess.

Scratch to Pygame converter: https://scratch.mit.edu/discuss/topic/600562/
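
The two guessing strategies debated above (per-character brute force versus whole-word dictionary guesses), put into a signup-time check as an added example; this is not code from any poster or from Scratch. The function names, the 7776-word list size and the choice of 8 as the minimum are assumptions made for the illustration.

```python
import math
import string

MIN_LENGTH = 8                # lower of the two minimums proposed in the thread
ASSUMED_WORDLIST_SIZE = 7776  # assumption: attacker's word list is Diceware-sized

ASCII_CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]
KNOWN = "".join(chars for chars, _ in ASCII_CLASSES)

def charset_size(pw):
    """Alphabet a per-character brute force has to cover for this password."""
    size = sum(n for chars, n in ASCII_CLASSES if any(c in chars for c in pw))
    # Anything outside the four ASCII classes: count each distinct character once.
    return size + len({c for c in pw if c not in KNOWN})

def brute_force_bits(pw):
    """Upper bound: every character chosen independently and uniformly."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def dictionary_bits(pw, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Cost of guessing whole words; None if pw is not made of plain words."""
    words = pw.split()
    if len(words) < 2 or not all(w.isalpha() for w in words):
        return None
    return len(words) * math.log2(wordlist_size)

def estimate_bits(pw):
    """Cheapest of the two guessing strategies modelled here."""
    candidates = [brute_force_bits(pw)]
    word_bits = dictionary_bits(pw)
    if word_bits is not None:
        candidates.append(word_bits)
    return min(candidates)

def check_signup(pw):
    """Signup-time check: enforce the minimum length and report the estimate."""
    return {"length_ok": len(pw) >= MIN_LENGTH, "bits": round(estimate_bits(pw), 1)}

if __name__ == "__main__":
    # Sample passwords are the ones quoted in the thread, plus a 6-character one.
    for pw in ["abc123", "pL@t!Pu5", "yeet lamp IKEA chair",
               "In My Fathers House", "tN2CnIRH5J82IlKMOTOG"]:
        print(f"{pw!r:26} {check_signup(pw)}")
```

Phrases with substituted symbols or misspellings, and short passwords built from a mangled word, fall back to the per-character figure here, which overstates them; the estimate is an upper bound, not a guarantee.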
ResExsention
New to Scratch
1000+ posts


Yep. Agreed. However, I really don't think Scratch should force people to make long passwords, again, this will probably lead to lost accounts in younger users. Either that, or a password like “my name is george”. Easy to guess, isn't it?

But I suggest we keep the password strength suggestion. Seems extremely useful.

Mr_PenguinAlex
Scratcher
1000+ posts


What about people who already have a shorter password than that?

NilsTheBest
Scratcher
1000+ posts


Mr_PenguinAlex wrote:

What about people who already have a shorter password than that?

Notify them somehow. It's probably not worth making a whole announcement about it, just a quick message for example, explaining.

Green_Cookie
Scratcher
100+ posts


NilsTheBest wrote:

bump

original bump, right?
nO pOsTiNg uNrELaTeD sTuFf

ʀᴇʙᴇᴄᴄᴀ | ᴛᴇᴇɴᴀɢᴇʀ | ʟɪʙʀᴀ | ɪɴᴛᴘ-ᴛ | ᴘᴏᴛᴛᴇʀʜᴇᴀᴅ | ꜱʟʏᴛʜᴇʀɪɴ | ᴘᴀᴛʀᴏɴᴜꜱ: ᴛʜᴇꜱᴛʀᴀʟ | ʟᴇᴀʀɴɪɴɢ ꜰʀᴇɴᴄʜ | ᴠɪᴏʟɪɴɪꜱᴛ | ʟᴇᴀʀɴɪɴɢ ᴊᴀᴠᴀꜱᴄʀɪᴘᴛ | ᴀᴛʜᴇɪꜱᴛ | ɢʀᴀᴘʜᴇᴍᴇ-ᴄᴏʟᴏʀ ꜱʏɴᴇꜱᴛʜᴇꜱɪᴀ | ʜᴇᴛᴇʀᴏꜱᴇxᴜᴀʟ ᴀʟʟʏ | ꜰᴇᴍɪɴɪꜱᴛ


♫♪.ılılıll|̲̅̅●̲̅̅|̲̅̅=̲̅̅|̲̅̅●̲̅̅|llılılı.♫♪
Green_Cookie
Scratcher
100+ posts


Full support! This could stop hackers and it could get kids into the habit of using strong passwords!

ResExsention
New to Scratch
1000+ posts


Green_Cookie wrote:

Full support! This could stop hackers and it could get kids into the habit of using strong passwords!

Yeah, but it could also lead to lost accounts because the kids might not be able to remember such a long password.

And no, it won't stop hackers. Do you know how fast a computer could break an 8 character password just by trying every single possible combination (brute force)?

Last edited by ResExsention (May 22, 2019 01:53:45)


JC20092009
Scratcher
500+ posts


I think people should be able to make their own decisions. The best way to learn is by experience. People should find the right password on their own, so that years from now rather than having a bunch of very secure websites, we’ll all know how to make a strong password on our own.
CKCG
Scratcher
100+ posts


We must give others the right to think for themselves. That is the only way they will learn. Otherwise, we will just be forcing them away. Freedom is very important to me and I place it above almost all else. I couldn't agree more with JC20092009.

I'm no longer active on these forums.
fdreerf
Scratcher
1000+ posts


CKCG wrote:

We must give others the right to think for themselves. That is the only way they will learn. Otherwise, we will just be forcing them away. Freedom is very important to me and I place it above almost all else. I couldn't agree more with JC20092009.

“Let's not put guard rails in front of this 200-meter cliff that children like to play around; they'll only learn not to once one of them falls off. After all, we have to give them the freedom of walking wherever they so please. Besides, we already have a small wooden sign that says ‘Don't fall off!’ so what's the point of having rails anyways?”

Last edited by fdreerf (Oct. 7, 2020 01:08:51)


Hyped for MS-DOS 11.0
Xcvfdd
Scratcher
500+ posts


Support. This would make it harder for password guessers to hack your account.
Ooh it’s been 2 years since the last post. Is this necroposting?

Last edited by Xcvfdd (Jan. 2, 2023 01:30:48)


…but idk.
ajskateboarder
Scratcher
1000+ posts


JC20092009 wrote:

I think people should be able to make their own decisions. The best way to learn is by experience. People should find the right password on their own, so that years from now rather than having a bunch of very secure websites, we’ll all know how to make a strong password on our own.

People shouldn't have to get hacked to have experience in making good passwords. Having a “high” (8-9 chars isn't a lot) minimum character requirement ultimately teaches people to make good passwords faster and better than if there was a lower requirement. Support

Prince_Wolf1
Scratcher
1000+ posts


Semi-support
Younger kids might forget the password, but they can reset it and learn to choose something they remember.
