DogeBurger wrote:

I think it should WARN you and say something like ‘are you sure you want to set this as your password, it kinda weak’ ( something like that)

I do support this

Prince_Wolf1 wrote:

zomboss1_1 wrote:

Prince_Wolf1 wrote:

zomboss1_1 wrote:

Prince_Wolf1 wrote:

zomboss1_1 wrote:

(Let's go, Randell Munroe!!!) I don't really support this idea, as there are many simple passwords, and yet, they'd be quite hard to guess, and this algorithm would make it to where they can't do these simple passwords, which means, as the password gets more complex, the higher the chance of a person forgetting it and losing their account. And, of they have siblings, it wouldn't be a good idea to write your password down as your sibling might hack your account to annoy or get revenge for something.

Yes!I personally have gone into my sisters account I’ll admit, and someone else on scratch got all their projects deleted because of their brother (that’s too fa4 for me , I did a crazy project and ven said it was me who did it) so writing it down would be a pretty bad idea, even if it’s on your device,because your sibling might know that password (we definitely know each other’s) so you could go to where they put it and still sign-in to your account!

Another thing I would like to add: this is a childrenscoding website. Younger people tend to forget things a lot more easily. This would basically be condemning ones account to the abyss or hackers world.

Yeah, tbh I can barely remember an easily 5678 password, little less a very strong one.having random stuff still works though, and I can remember it, so just because it looks easy doesn’t mean it is.and some people are just forgetful.

I just ran the calculations. There are, using 1-0 and a-z, six charecthers per password, 1.06387e56 possible passwords . (It's a very big number, that's what shows on my calculator.)
The odds of someone guessing that, is… Very, very low. And that doesn't include special characters.

Ok uh..
That’s a lot
So if someone was really determined for whatever reason to get into a scratchers password, it would still probably take years to hack them with a computer, by guessing, nearly impossible I would think unless they get extremely lucky..but why would someone, a determined hacker who has a lot of stuff for that kind of stuff, hack a kids acc?there’s not really a point (I mean unless idk?) for a hacker to take years to hack a kids acc…
Guessing is nearly impossible….
This suggestion doesn’t:t see the most needed to me…

Ok, I'll give some context on how much time that is. In this game I play, there is over 18 quintillion planets. Even to just land on each for a second, it'd still take 5 billion years. I'm pretty sure that number is bigger. So, like you said, it'd take years apon years, and isn't a very practical suggestion.

Maybe it shouldn't restrict what people's passwords can be, but before someone confirms their password, show a graphic about good and bad passwords?

no support at all I would literally commit break my computer if this is added.

its fine if they put a warning, but forcing you to use a “strong” (which doesn't help if the data is leaked) password is basically forcing people to reset their password everytime they have to log in.

atmost force them to use a long password, cuz “doja9idsadw90ajsdk” and “hellomynameisblablablahehehe” pretty much has the same security.
now, extremely weak passwords like “password” and “12345” might be fine to activate this ig, but even if its kinda weak, passwords like “ireallylovewatermelons” should be fine, since 1. its long, so brute force wouldn't work 2. its not super common, and theres like a few million (definitly more then million if its only in the millions its not secure lol) things in the world to love (especially since you could also write “ilovewatermelonwithketchup”), and you could just add a “really” or a “kinda” or a “like” instead.

DogCatPuppyLover wrote:

Maybe it shouldn't restrict what people's passwords can be, but before someone confirms their password, show a graphic about good and bad passwords?

Why? This just acknowledges the problem and does nothing about it. Every major website restricts what passwords you can and cannot make for a reason.

blablablahello wrote:

no support at all I would literally commit break my computer if this is added.

its fine if they put a warning, but forcing you to use a “strong” (which doesn't help if the data is leaked) password is basically forcing people to reset their password everytime they have to log in.

atmost force them to use a long password, cuz “doja9idsadw90ajsdk” and “hellomynameisblablablahehehe” pretty much has the same security.
now, extremely weak passwords like “password” and “12345” might be fine to activate this ig, but even if its kinda weak, passwords like “ireallylovewatermelons” should be fine, since 1. its long, so brute force wouldn't work 2. its not super common, and theres like a few million (definitly more then million if its only in the millions its not secure lol) things in the world to love (especially since you could also write “ilovewatermelonwithketchup”), and you could just add a “really” or a “kinda” or a “like” instead.

There's a difference between forcing you to choose a strong password, and not letting you pick common and simple passwords (i.e. lowercase letters and maybe a number only)

Bump ig

What about
qwertyuiopasdfghjklzxcvbnmmnbvcxzlkjhgfdsapoiuytrewqqazwsxedcrfvtgbyhnujmikolpplokimjunhybgtvfrcdexswzaqqwertyuioplmnbvcxzasdfghjk

Hmm what happens to accounts that have weak passwords then

coder2045 wrote:

SavetheAtlantic wrote:

coder2045 wrote:

SavetheAtlantic wrote:

Za-Chary wrote:

Even “J0hNny4pPLe533D” is better than “JohnnyAppleseed”.

False. Adding random capitals, numbers, or other common substitutions does not improve security at all. Brute force methods will try thousands, sometimes millions, of combinations a second. Changing an E to a 3 will only add a few milliseconds until the password is eventually cracked, and you're simply making it harder for yourself to remember. Length is by far more important than silly characters.

It does fend off against anyone who knows your name and your Scratch account. If they know both and are willing to get into your account, it's free to them.

How would they know that one's password even is their name in the first place?

After stuff like “password” and “123456”, someone's name is one of the most common passwords. Sure, it won't help against random strangers, but any friends who are in the same school coding club or something can hack into someone with a bad password.

If you’re hacked by someone who you know irl then consider yourself lucky. It’s beyond easy to get your account back.

gdfsgdfsgdfg wrote:

Hmm what happens to accounts that have weak passwords then

The ST shouldn’t know their current password.

I support this, it can show kids about password safety

bump

Doesn’t this already exist? I have some very faint memories of pop-ups saying your password is too weak appearing in the account creation window sometime last year.