Most of the claims aren't listed so it's hard to draw a conclusion.
And don't hold your breath waiting for them to be listed publicly, either.
If this is over trade secrets, the alleged trade secrets, if legitimate, will still be secret. So unless/until Facebook gets a judgement that the claims are bogus, the proceedings will be under seal.
Even if they ARE bogus it may not be in Facebook's interest to publish them, either. They might be little-known enough that exposing them to their competition might make the competitive environment tougher for Facebook.
So don't be surprised if the "secrets" and the details of the verdict or settlement remain under wraps.
Yeah, the suggested method for generating passwords generates needlessly long passwords. The total entropy is good, but the entropy per character is pretty poor. You get much better entropy per character with abbreviation passwords, where you have a sentence or group of random words and you use the first letter from each, or second, or last, or alternating, or whatever suits you. It's still not as much entropy per character as a random pattern, but it's much better than writing out full words - and pops into your head just as fast (because it is, in essence, the same).
Not in any services I subscribe to.
What does "password strength" really mean?
If people used a textual representation of a number obtained from a reliable hardware random number generator then the meaning would be unambiguous. It's the number of digits in that number. But most people don't do that (perhaps more should).
So what does it mean to say that a password has so many bits of entropy? Well, I guess it means how many truly random bits it would take to index their password from the universe of passwords the user considered. This is more an exercise in psychology than it is in mathematics. You have to figure out how users generate passwords or discount passwords. For example, requiring a mix of upper and lower case letters doesn't add as much entropy as you'd think, because most users are mediocre typists who'll avoid using the shift key too often. Requiring digits means that many people will just use "0" for "o" and "1" for "L".
So it's really easy to concoct passwords which you know are bad, because you know the methods used to select which passwords you'd consider; if the developers of the strength meter don't take your particular generation algorithm into account the meter will show the password to be stronger than you know it to be.
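An added example, not part of any comment in this thread: it enumerates the whole universe of passwords one known generation method can produce and compares the bits needed to index it with what a character-class strength meter reports. The word list, the generation rule (capitalise, "0" for "o", "1" for "l", append one digit) and the meter formula are constructed assumptions.

```python
import math
import string

# Constructed sample: the only words this hypothetical user ever considers.
WORDS = ["password", "football", "controller", "hello",
         "london", "yellow", "follow", "school"]

def universe(words):
    """Every password the method can produce: Capitalised word,
    o->0 and l->1 substituted, then exactly one trailing digit."""
    out = set()
    for word in words:
        base = word.capitalize().replace("o", "0").replace("l", "1")
        for digit in string.digits:
            out.add(base + digit)
    return out

def index_bits(passwords):
    """Random bits needed to pick one password from the universe."""
    return math.log2(len(passwords))

def naive_meter_bits(password):
    """Assumed meter: length * log2(size of the character classes used)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(cls) for cls in classes
               if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def compare(words):
    """(password, meter estimate, bits to index the universe) per password."""
    space = universe(words)
    real = index_bits(space)
    return [(pw, round(naive_meter_bits(pw), 1), round(real, 1))
            for pw in sorted(space)]

if __name__ == "__main__":
    for pw, meter, real in compare(WORDS)[:5]:
        print(f"{pw:<14} meter={meter:>5} bits   universe={real} bits")
```
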
How's that any different from http://xkcd.com/936/?
And if you want to make it exceptionally strong, you combine those techniques. "correct horse battery staple" is strong, "correcT horXe batt6ery st&ple" is heat death of universe-strong and actually not much harder to learn.
The real solution is to use password management software like KeePass, LastPass, or 1Password. Lock your password program with your good password from Diceware, and use unique, truly random passwords for all the websites you've registered on.
At the cost of travelling around with the keys to the kingdom. Imagine you're on vacation and you want to pop into an internet cafe and log into
1) My mail, because it gets all the password resets.
2) My bank, but it's using two-factor anyway.
3) My "assorted junk" password where I might lose my forum account or whatever that doesn't *really* matter.
I really try not to use the first two on an untrusted device unless I really have to, because afterwards I need to change it. In fact if I know I will need to use it I'll change it on a trusted device up front and restore it later; good memorized passwords are a pain to relearn.
Agreed!
I'm imagining a kind of competitive tomboy/sibling rivalry thing, with the girl not always winning, but showing she can give as good as she gets. It'd put a "new" (ish) spin on the old Top Gear formula.
Evidence seems to indicate it for one. If he's such a horrible person, why is it that he self-reported the incident? Somebody who is horrible enough that simply being around them is enough to "goad" them doesn't seem like the sort that would later take a step back and go "hmmm, that was really stupid of me. I should notify that this event happened". They'd more likely not see any issue with what they did and just carry on.
It could also be that he thought it would get reported anyway and wanted to get his version in first; he may have even thought they were in the right.
When I heard of this my thought was of Jian Ghomeshi, a CBC radio host who is being charged with multiple sexual assaults for a long pattern of behaviour. Before things broke, the thing that got him fired was him showing a video to management with the belief that it would clear him; instead management realized the stuff on the video was sexual assault and fired him.
"A car is just a big purse on wheels." -- Johanna Reynolds