Secure passwords

Web security blogger Anil John reports about the results of a study on secure passwords:

# "... security can be significantly improved by educating users to select mnemonic passwords
# Size of the password matters
# Entropy per character matters, so instruct users to choose passwords containing numbers and special characters as well as letters."

An example of a mnemonic password is "I's12n&Iah" which is derived from the phrase "It's 12 noon and I am hungry" .

The regex to handle this:
^.*(?=.{9,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#'$%^&+=]).*$

Comments

Post a Comment

Popular posts from this blog

Uncle Bob vs. Grady Booch: Rethinking Code Reviews in the Age of AI

Image
In response to a question about the feasibility of effective code reviews for large (e.g., 500-line) AI-generated PRs like those from Claude, especially when reviewers lack deep codebase familiarity in new projects or fast-paced environments, Uncle Bob Martin and Grady Booch have contrasting views Uncle Bob Martin advocates metrics-based oversight (test coverage, complexity, dependencies) and higher-level management over line-by-line AI code review, while Grady Booch stresses manual verification for vulnerabilities, dead code, and performance factors. Uncle Bob Martin : " I don’t review code written by agents . I measure things like test coverage, dependency structure, cyclomatic complexity, module sizes, mutation testing, etc.  Much can be inferred about the quality of the code from those metrics. The code itself I leave to the AI.  Humans are slow at code. To get productivity we humans need to disengage from code and manage from a higher level." Grady Booch : "Unlike B...
Read more

This Week I Learned - Week 17 2026

This Week I Learned -  * From The Batch - - Alignment training teaches LLMs to behave like assistants, but it tethers them to that behavior only loosely. Beyond alignment training, system prompts act as behavioral guardrails, but motivated users can bypass them.  - The lengths of tasks completed autonomously by AI agents have doubled roughly every seven months, according to METR, an independent testing organization - LLMs' knowledge is still relatively limited with respect to infrastructure and the complex tradeoffs good engineers must make...finding infrastructure bugs — say, a subtle network misconfiguration — can be incredibly difficult and requires deep engineering expertise.  - Research involves thinking through new ideas, formulating hypotheses, running experiments, interpreting them to potentially modify the hypotheses, and iterating until we reach conclusions. Coding agents can speed up the pace at which we can write research code. - Meta has pivoted from its ope...
Read more

Open Food Facts Slack Notes: Data, Trends, and Discoveries

Image
Open Food Facts is the largest and more comprehensive open database on the planet, by far. The Open Food Facts Slack  (open to all) has several channels for discussions, updates, and collaborations. I’ll keep sharing interesting facts I come across in the conversations there, right here: *  Pierre (teolemon) - The data (is)...legally acquired, through crowdsourcing and/or AI extraction from Crowdsourcing or existing OFF data. We don’t allow scraping for legal reasons. *  Alex Bourreau - I made a small tool to check what your contributions to Open Food Facts are used for : https://contributionreuses.bourreau.dev/ Enter your OFF username and it shows you a list of scientific articles that relied on data of products you've created ! *  James Addison  -  OpenFoodFacts does have methods to detect products where errors seem likely; it tracks those errors and distributes them to registered volunteers, who then help by reviewing the errors, often fixing them wher...
Read more