Now that you're hacked, allow strong passwords

dragon-dragon_dragon
Level 2
Posts: 66
Joined: Tue Sep 11, 2012 11:09 am

Now that you're hacked, allow strong passwords

Post by dragon-dragon_dragon » Mon Feb 29, 2016 3:29 pm

It looks like some guy was able to randomly download sensitive info from your database? Bummer. I thought I'd suggest allowing people to use actual strong passwords for their accounts on the forums. I just read the email regarding your security fail and tried updating my password with an auto-generated one. The new password was rejected because "the password was too long."

xenopeek
Level 24
Posts: 22176
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Now that you're hacked, allow strong passwords

Post by xenopeek » Mon Feb 29, 2016 4:56 pm

Maximum password length is 30 characters. How long is long enough?

Cosmo.
Level 23
Posts: 17830
Joined: Sat Dec 06, 2014 7:34 am

Re: Now that you're hacked, allow strong passwords

Post by Cosmo. » Mon Feb 29, 2016 6:29 pm

Mh, did this user quote the forum software wrong or does the software give wrong advice (20 vs. 30 characters)?

zerozero
Level 16
Posts: 6507
Joined: Tue Jul 07, 2009 2:29 pm

Re: Now that you're hacked, allow strong passwords

Post by zerozero » Mon Feb 29, 2016 7:00 pm

Confusion there (I believe) between username and password:
username: 3 to 20 characters;
password: 6 to 30 characters.

[ bliss of ignorance ]

not_Daniel

Re: Now that you're hacked, allow strong passwords

Post by not_Daniel » Sat Apr 30, 2016 11:02 pm

Setting arbitrary conditions on the password is a misguided sense of security when the real value is length itself.

Password #1: "this is an incredibly insecure password"
is much more security-valuable compared to:
Password #2: "6Word5"

Password #1 will take 24 quattuordecillion years to crack versus password #2 -- which would take 1 second to crack (assuming the usual unsalted hashes that are not unique per user.)
Source.
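Added example, not part of the thread and not the forum software's code: a salted, slow hash stores the same 32 bytes whatever the password length, so a 30-character cap buys no storage, and a per-user salt makes equal passwords hash differently. The `MAX_LEN` and `ITERATIONS` values and all function names are assumptions; the two passwords are the ones quoted in the post above.

```python
import hashlib
import hmac
import math
import os

PW1 = "this is an incredibly insecure password"  # Password #1 from the thread
PW2 = "6Word5"                                   # Password #2 from the thread
MIN_LEN = 6            # forum minimum quoted in the thread
MAX_LEN = 1024         # assumed cap, only there to bound hashing cost
ITERATIONS = 600_000   # assumed PBKDF2 work factor, not a forum setting

def charset_size(pw):
    """Size of the smallest common ASCII alphabet that contains pw."""
    size = 26 * any(c.islower() for c in pw)
    size += 26 * any(c.isupper() for c in pw)
    size += 10 * any(c.isdigit() for c in pw)
    size += 33 * any(not c.isalnum() for c in pw)  # punctuation and space
    return size

def brute_force_bits(pw):
    """log2 of the exhaustive search space. This is an upper bound:
    word-list attacks on natural-language phrases need far fewer guesses."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def hash_password(pw, salt=None):
    """Return (salt, digest). The digest is 32 bytes for any input length."""
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        raise ValueError("password length out of range")
    if salt is None:
        salt = os.urandom(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(pw, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(pw, salt)[1], expected)

if __name__ == "__main__":
    for pw in (PW1, PW2):
        salt, digest = hash_password(pw)
        print(f"{len(pw):2d} chars, {brute_force_bits(pw):6.1f} bits, "
              f"stored digest {len(digest)} bytes")
```

Password #1 is 39 characters, so the 30-character limit discussed in the thread would reject it even though it hashes to the same stored size as Password #2.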
