Thursday, October 22, 2020

Password security requirements that actually do the opposite

Sometimes when you create an account or change the existing password of an account on some website, the site will impose some requirements on your password. Archetypal requirements are like "must contain at least one number", "must contain at least one capital letter", "must contain at least one non-alphanumeric character" and so on.

This is what happens when developers who have no understanding of cryptography get to write such applications. They think that they are making the password more secure by requiring such things, because they think that they are enlarging the search space of a brute-force attack, but ironically what they are doing is the exact opposite!

Ironically, rather than enlarging the search space, they are narrowing it!

Consider, for example, the requirement "must contain at least one number": Someone making a brute-force search of the password now knows that at least one of the characters is from a very small set of ten. This narrows down the entire search space by quite a significant percentage!

Likewise "must contain at least one capital letter" allows the attacker to know that one of the characters has to be from a set of 26. Combine this with the previous (if the site requires both), and you have narrowed the entire search space by quite a bit.

Even "must contain at least one non-alphanumeric character" narrows down the search space because the attacker, once again, knows that at least one of the characters in the password is for certain not a letter or a number, i.e. a set of 62 characters can be skipped for one of the password characters on each attempt.

And, ironically, the more such narrowing requirements that a website puts on passwords, the more they shrink the search space because all of those restrictions are combined in the same password.

The only beneficial requirement for password security is a minimum length. (While this allows the attacker to skip all attempts that are shorter, that's such a tiny fraction of the entire search space that it's essentially inconsequential. It might have a tiny effect, but in no way significant.)
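To put numbers on the narrowing described above, the following added example (not part of the original post) counts by inclusion-exclusion how many passwords satisfy a set of "at least one X" rules, checks the formula against brute-force enumeration on a tiny alphabet, and compares the result with the share excluded by a minimum length. The 94-character printable-ASCII alphabet, the 8-character length and all function names are assumptions chosen for illustration.

```python
from itertools import combinations, product
from math import log2

# Assumed alphabet: printable ASCII without the space character.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}
ALPHABET = sum(CLASSES.values())  # 94

def count_allowed(length, required, classes=CLASSES):
    """Count passwords of `length` with at least one character from every
    required class, by inclusion-exclusion over the classes left out."""
    total_chars = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = total_chars - sum(classes[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count

def brute_force_count(length, required, classes):
    """Enumerate every string; only feasible for tiny alphabets.
    Used to check the inclusion-exclusion formula."""
    labels = [name for name, size in classes.items() for _ in range(size)]
    return sum(1 for pw in product(labels, repeat=length)
               if all(r in pw for r in required))

def fraction_kept(length, required):
    """Share of the unrestricted search space that still satisfies the rules."""
    return count_allowed(length, required) / ALPHABET ** length

def fraction_shorter(min_length, max_length):
    """Share of all passwords up to max_length that a minimum length excludes."""
    shorter = sum(ALPHABET ** n for n in range(1, min_length))
    total = sum(ALPHABET ** n for n in range(1, max_length + 1))
    return shorter / total

if __name__ == "__main__":
    for rules in (["digit"], ["digit", "upper"], ["digit", "upper", "symbol"]):
        kept = fraction_kept(8, rules)
        print(f"{'+'.join(rules):20} keeps {kept:.1%} of the 8-char space "
              f"({-log2(kept):.2f} bits lost)")
    print(f"min length 8 (max 12) excludes {fraction_shorter(8, 12):.2e}")
```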

Saturday, September 12, 2020

Should you install Windows in an SSD?

This post is more of a personal story, recounting personal experience, rather than a quick straightforward answer to the question. If you just want the answer, then it's "yes". But with the story:

Up until recently I had, pretty much in essence, the same installation of Windows on my PC for almost 10 years. It started as a Windows 7 installation on a brand new PC. Years later it upgraded itself to Windows 10. Over these almost ten years it has survived a lot of hardware upgrades and even a complete transfer to a new hard drive (which I did using a copying tool) because the old one was starting to give clear signs of starting to fail. Pretty much the same installation of Windows survived a pretty much entire revamp of the entire underlying hardware over the years. The final PC where it was running has only one component that was the same as in the original brand new PC almost a decade prior: The DVD-RW drive. And technically the PC case. Every single other component had been upgraded at one point or another (including the CPU, the motherboard, and the very hard drive where Windows was installed.)

Most people recommend doing a fresh install of Windows from time to time, perhaps every couple of years or so. I was extremely reluctant to do this. "If it works, don't fix it" was my motto. And I feared the amount of work required to re-install all the software I was using.

At one point I purchased a 120-gigabyte SATA3 SSD. The intent for this was primarily to install games in it. I had zero intention of installing Windows in it.

Indeed, for the longest time my opinion was: why should one install Windows on an SSD? What's the point? Sure, Windows might boot up a bit faster, but so what? I can wait a few seconds more for it to boot up. What matters is how fast games launch and load.

I think that, in retrospect, I'm still a bit of that opinion when it comes to SATA SSDs. While they may have better seek times, a SATA SSD is generally not significantly faster than just a regular SATA hard drive. Especially since Windows defragments its own system files from time to time, so seek times are seldom such a huge issue. It's the SATA bus itself that's the biggest bottleneck in this whole process.

Also, back then SSDs were really expensive. Back in those days a 120-gigabyte SATA SSD was as expensive as a 1-terabyte SATA hard drive. My opinion was that it's better to use this precious expensive storage space for what really matters, i.e. video games, not for Windows (which could easily hog well over half that space, and even more over time).

Things have changed in recent years, however. Not only have SSDs become much cheaper, with e.g. a 500-gigabyte SSD not being any more expensive than a 1-2 terabyte hard drive, but most importantly technology has advanced: Now we have NVMe SSDs, which use the PCI-Express bus rather than the SATA bus, and can easily be 10-20 times faster than even the fastest SATA drives, and even more.

Also SSD lifetimes have improved. (Incidentally, this has a lot to do with their size: The larger the capacity of the SSD, the longer its lifetime will be. This is simply because the drive has more space to write data and thus it doesn't need to write data so frequently to the same cells.)

Some months ago I purchased a 500-gigabyte NVMe SSD, with speeds of 3500 MB/s (read) and 2000 MB/s (write), which is like 10 times faster than even the fastest SATA3 drive.

Due to several reasons I finally decided to bite the bullet and make a completely fresh install of Windows 10 on that NVMe drive (keeping the other drives as secondary).

(Incidentally, and quite commendably, Microsoft makes this kind of reinstall really easy and, most importantly, at no extra cost. If you have registered Windows on a particular PC and you make a complete reinstall, even if it's to a different drive, it will be automatically registered without you having to pay again, or having to do anything at all. As long as the hardware doesn't change too much, or at all, like in this case, it doesn't cost anything, and doesn't even consume one of your registrations.)

I must say that the speed difference in Windows bootup and responsiveness is simply astonishing.

In the previous install, after the BIOS screens had passed, it took Windows something like 10 seconds for the login screen to appear (it didn't take this long at the beginning, but it had become slower and slower over the years). Even after logging in, Windows would still heavily load stuff from the hard drive for the next minute or so, during which time everything was quite sluggish. For example right-clicking on the desktop background to pop up the context menu would take a second or two before it would appear. Starting any programs would also likewise take several seconds during this loading period.

In this new NVMe install, after the BIOS screens have passed, it literally takes about a second for the login screen to appear, and no matter how fast I log in, everything is 100% responsive immediately. For example the desktop background context menu appears immediately, no matter how quickly I right-click on the background after logging in. All programs launch immediately with no delay.

In the current age of super-fast NVMe SSD drives, I would say that yes, it definitely is a good idea to install Windows in one. Nowadays there's very little reason not to. (Also with current NVMe SSD sizes there will still be plenty of space for games as well, on the same drive.)

Friday, July 17, 2020

The most common mistake when building a PC

Building your own custom PC from parts is not only a hobby, but for many enthusiasts the only way to build the gaming rig they really want. Not only is it cheaper that way because you aren't paying the prebuilt PC manufacturer for the work (at least in theory), but you can more easily choose which parts you want in it, according to your budget and needs. Many PC gamers wouldn't even consider buying a prebuilt system (not even if you can choose the parts for it).

PC building is quite a hobby in itself, and not surprisingly there are tons and tons of tutorials out there especially on YouTube.

There is, however, one very common mistake that most people who are building their first PC make, or even their second or third (until they are bitten by the consequences of the mistake). What's worse, this very same mistake is often made in most tutorial videos as well, sometimes even when the video is made by a person who should know better. Even very technically experienced people making PC building videos seem to often make this mistake.

What is this mistake?

It's building your PC completely and fully, all the way to the last screw and zip-tie... before turning it on for the very first time to see if it boots up.

Oftentimes it works just fine. Too many times, however, it won't POST, or there will be some other problems (such as no image of any kind).

Sometimes this is because of incompatible parts. Even to this day (and perhaps especially in this day and age) there can be components that don't work together. The motherboard might not support that particular type of CPU (at least not without a BIOS upgrade), the RAM sticks may have some kind of incompatibility problem with the BIOS, the CPU, or even with each other (modern RAM sticks tend to sometimes be extraordinarily picky, sometimes even not working with other sticks of the same model from the same manufacturer, but manufactured in a different assembly line in a different factory) or a myriad of other problems. Maybe one of the components (like the PSU) was just bad and needs a warranty replacement.

Whatever it is, there's a good chance that you'll need to replace something in the PC... which often means taking the PC apart once again (completely or to significant extents). This may be especially so, and especially laborious, if you e.g. have chosen a water cooling system, and you need to e.g. replace the CPU, as this means pretty much taking everything apart.

Every experienced PC builder ought to know by heart that the very first thing you do when building a new PC is to make an absolutely minimal build with the motherboard on the table, with the CPU and an air cooler and the RAM and GPU installed, and then connect the PSU and see if it POSTs. This way if there's something wrong and you need to replace something, the amount of work is minimized.

Some even may want to install the system's main hard drive and install the OS in it and see if it still works, before actually putting the motherboard inside the PC case. (This especially if you want to use a watercooling system, as you really don't want to have to take it apart immediately again.)

How many times have you seen this done in a YouTube PC build video, or even PC building tutorial? I have seen way too many videos where the author does not do this, even by people who should really know better.