coder2045 wrote:

SavetheAtlantic wrote:

coder2045 wrote:

SavetheAtlantic wrote:

Za-Chary wrote:

Even “J0hNny4pPLe533D” is better than “JohnnyAppleseed”.

False. Adding random capitals, numbers, or other common substitutions does not improve security at all. Brute force methods will try thousands, sometimes millions, of combinations a second. Changing an E to a 3 will only add a few milliseconds until the password is eventually cracked, and you're simply making it harder for yourself to remember. Length is by far more important than silly characters.

It does fend off against anyone who knows your name and your Scratch account. If they know both and are willing to get into your account, it's free to them.

How would they know that one's password even is their name in the first place?

After stuff like “password” and “123456”, someone's name is one of the most common passwords. Sure, it won't help against random strangers, but any friends who are in the same school coding club or something can hack into someone with a bad password.

There are still too many combinations for a human to check. The first name only, or middle and last name as well? Capitals, and where? Characters in between names, and if so which? Humans do not crack passwords. If you know the person in question, it would be easier to simply shoulder surf or install a keylogger, which can't stop any password no matter how strong.

-An_Unnamed_User- wrote:

It will say: Looks like the password is a name, please type another password.

I don't think you understand my question. How would it detect full names?

historical_supa wrote:

-An_Unnamed_User- wrote:

It will say: Looks like the password is a name, please type another password.

I don't think you understand my question. How would it detect full names?

This too. Many names are valid English words, like Bill or Major - should they all be censored?

More password restrictions -> Less combinations -> Higher chance of guessing -> More insecure

Za-Chary wrote:

musicROCKS013 wrote:

IMO, your full name is a safe enough password. Unless you share it with someone on scratch (which would be sharing personal info and isn’t allowed), this isn’t guessable.

Ha, not if you know people in real life who know you use Scratch. It's better to just make a strong password from the get go. Even “J0hNny4pPLe533D” is better than “JohnnyAppleseed”.

that's actually… not true
NoMagic does a splendid video on storing passwords (which is my source)

Banana

EDIT: https://www.youtube.com/watch?v=cjdiIKFYeXQ&t=152s

EDIT 2: and naturally scratch doesn't skip to the right point in the video for the user.
see 2:32 of that video

It'd probably work best if it simply required the password to have 10 or more characters.

D-ScratchNinja wrote:

It'd probably work best if it simply required the password to have 10 or more characters.

There are 8 year olds here as well though
And even if your older you would have trouble remembering if it was that long

D-ScratchNinja wrote:

It'd probably work best if it simply required the password to have 10 or more characters.

What if a user's password is currently less than 10 digits? What would happen in the change?

EDIT: maybe this is only effective when changing/creating your password, and not for the password in general.

D-ScratchNinja wrote:

It'd probably work best if it simply required the password to have 10 or more characters.

I argee. Bots may try 10^10 (1 billion) passwords in just a second. 8-digit passwords are in danger for scratchers. Especially famous scratchers.

Prince_Wolf1 wrote:

D-ScratchNinja wrote:

It'd probably work best if it simply required the password to have 10 or more characters.

There are 8 year olds here as well though
And even if your older you would have trouble remembering if it was that long

They're hopefully using browser's that can remember passwords automatically

Last time I checked, Scratch doesn't support Internet Explorer

I think it should WARN you and say something like ‘are you sure you want to set this as your password, it kinda weak’ ( something like that)

DogeBurger wrote:

I think it should WARN you and say something like ‘are you sure you want to set this as your password, it kinda weak’ ( something like that)

That's a good idea. It could solve the concern stated in post #24

Goodbyeeeee my alts password!
Support. Little kids probably don’t know how to construct a password properly

dhuls wrote:

Prince_Wolf1 wrote:

D-ScratchNinja wrote:

It'd probably work best if it simply required the password to have 10 or more characters.

There are 8 year olds here as well though
And even if your older you would have trouble remembering if it was that long

They're hopefully using browser's that can remember passwords automatically

Last time I checked, Scratch doesn't support Internet Explorer

I had to set that up, so someone might not know about if it’s not auto

*But anyways, no support because, like sooommmeeeone (Idk who I’ll check) said, less combinations =less time= easier to guess
And also,sometimes common words or random things could be hard to guess or even if it’s just random numbers
Why is a hacker hacking scratch anyway?scratch is non-profit=not so much money for them
Also because ten letter passwords are hard to remember for most people, unless you’ve been using it all your life for school
Then the users who are 8 (prolly older too) without auto sign-in might forget and have to go threw the whole process of resetting their password
Rather than just having an common word hard to guess password

QuantumScratcher wrote:

More password restrictions -> Less combinations -> Higher chance of guessing -> More insecure

*Yeah that’s what might happen so this is also why no support

dhuls wrote:

zparkly wrote:

(#10)
perhaps instead of a blacklist like this, there should be some sort of requirements to ensure secure passwords

such as:
“J0hNny4pPLe533D”
at least one uppercase letter ✔️
at least one lowercase letter ✔️
at least one number ✔️
at least one special character ❌

or something very similar

(src)

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

zomboss1_1 wrote:

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

Yes!I personally have gone into my sisters account I’ll admit, and someone else on scratch got all their projects deleted because of their brother (that’s too fa4 for me , I did a crazy project and ven said it was me who did it) so writing it down would be a pretty bad idea, even if it’s on your device,because your sibling might know that password (we definitely know each other’s) so you could go to where they put it and still sign-in to your account!

Prince_Wolf1 wrote:

zomboss1_1 wrote:

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

Yes!I personally have gone into my sisters account I’ll admit, and someone else on scratch got all their projects deleted because of their brother (that’s too fa4 for me , I did a crazy project and ven said it was me who did it) so writing it down would be a pretty bad idea, even if it’s on your device,because your sibling might know that password (we definitely know each other’s) so you could go to where they put it and still sign-in to your account!

Another thing I would like to add: this is a childrenscoding website. Younger people tend to forget things a lot more easily. This would basically be condemning ones account to the abyss or hackers world.

zomboss1_1 wrote:

Prince_Wolf1 wrote:

zomboss1_1 wrote:

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

Yes!I personally have gone into my sisters account I’ll admit, and someone else on scratch got all their projects deleted because of their brother (that’s too fa4 for me , I did a crazy project and ven said it was me who did it) so writing it down would be a pretty bad idea, even if it’s on your device,because your sibling might know that password (we definitely know each other’s) so you could go to where they put it and still sign-in to your account!

Another thing I would like to add: this is a childrenscoding website. Younger people tend to forget things a lot more easily. This would basically be condemning ones account to the abyss or hackers world.

Yeah, tbh I can barely remember an easily 5678 password, little less a very strong one.having random stuff still works though, and I can remember it, so just because it looks easy doesn’t mean it is.and some people are just forgetful.

Prince_Wolf1 wrote:

zomboss1_1 wrote:

Prince_Wolf1 wrote:

zomboss1_1 wrote:

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

Yes!I personally have gone into my sisters account I’ll admit, and someone else on scratch got all their projects deleted because of their brother (that’s too fa4 for me , I did a crazy project and ven said it was me who did it) so writing it down would be a pretty bad idea, even if it’s on your device,because your sibling might know that password (we definitely know each other’s) so you could go to where they put it and still sign-in to your account!

Another thing I would like to add: this is a childrenscoding website. Younger people tend to forget things a lot more easily. This would basically be condemning ones account to the abyss or hackers world.

Yeah, tbh I can barely remember an easily 5678 password, little less a very strong one.having random stuff still works though, and I can remember it, so just because it looks easy doesn’t mean it is.and some people are just forgetful.

I just ran the calculations. There are, using 1-0 and a-z, six charecthers per password, 1.06387e56 possible passwords . (It's a very big number, that's what shows on my calculator.)
The odds of someone guessing that, is… Very, very low. And that doesn't include special characters.

zomboss1_1 wrote:

Prince_Wolf1 wrote:

zomboss1_1 wrote:

Prince_Wolf1 wrote:

zomboss1_1 wrote:

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

Yes!I personally have gone into my sisters account I’ll admit, and someone else on scratch got all their projects deleted because of their brother (that’s too fa4 for me , I did a crazy project and ven said it was me who did it) so writing it down would be a pretty bad idea, even if it’s on your device,because your sibling might know that password (we definitely know each other’s) so you could go to where they put it and still sign-in to your account!

Another thing I would like to add: this is a childrenscoding website. Younger people tend to forget things a lot more easily. This would basically be condemning ones account to the abyss or hackers world.

Yeah, tbh I can barely remember an easily 5678 password, little less a very strong one.having random stuff still works though, and I can remember it, so just because it looks easy doesn’t mean it is.and some people are just forgetful.

I just ran the calculations. There are, using 1-0 and a-z, six charecthers per password, 1.06387e56 possible passwords . (It's a very big number, that's what shows on my calculator.)
The odds of someone guessing that, is… Very, very low. And that doesn't include special characters.

Ok uh..
That’s a lot
So if someone was really determined for whatever reason to get into a scratchers password, it would still probably take years to hack them with a computer, by guessing, nearly impossible I would think unless they get extremely lucky..but why would someone, a determined hacker who has a lot of stuff for that kind of stuff, hack a kids acc?there’s not really a point (I mean unless idk?) for a hacker to take years to hack a kids acc…
Guessing is nearly impossible….
This suggestion doesn’t:t see the most needed to me…