Now that you're hacked, allow strong passwords

dragon-dragon_dragon

Now that you're hacked, allow strong passwords

Post by dragon-dragon_dragon »

It looks like some guy was able to randomly download sensitive info from your database? Bummer. I thought I'd suggest allowing people to use actual strong passwords for their accounts on the forums. I just read the email regarding your security fail and tried updating my password with an auto-generated one. The new password was rejected because "the password was too long."
xenopeek
Level 25
Posts: 29615
Joined: Wed Jul 06, 2011 3:58 am

Re: Now that you're hacked, allow strong passwords

Post by xenopeek »

Maximum password length is 30 characters. How long is long enough?
Cosmo.
Level 24
Posts: 22968
Joined: Sat Dec 06, 2014 7:34 am

Re: Now that you're hacked, allow strong passwords

Post by Cosmo. »

Mh, did this user quote the forum software wrong or does the software give wrong advice (20 vs. 30 characters)?
zerozero

Re: Now that you're hacked, allow strong passwords

Post by zerozero »

Confusion there (I believe) between username and password:
username: 3 to 20 characters;
password: 6 to 30 characters.
not_Daniel

Re: Now that you're hacked, allow strong passwords

Post by not_Daniel »

Setting arbitrary conditions on the password is a misguided sense of security when the real value is length itself.

Password #1: "this is an incredibly insecure password"
is much more security-valuable compared to:
Password #2: "6Word5"

Password #1 will take 24 quattuordecillion years to crack versus password #2 -- which would take 1 second to crack (assuming the usual unsalted hashes that are not unique per user.)
Source.
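
As an added illustration of the comparison in the post above (this code is not part of the thread or of the forum software), the sketch below estimates both passwords under two guessing models, character-by-character and whole-word, and checks them against the 6 to 30 character limit quoted earlier. The guess rate and wordlist size are assumptions, so the resulting times differ from the figures cited in the post.

```python
import math
import string

# Assumptions for this added example (none of these figures come from the thread):
GUESSES_PER_SECOND = 1e10      # offline rate against a fast, unsalted hash
WORDLIST_SIZE = 10_000         # dictionary an attacker would use for passphrases
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Limits quoted in the thread for forum passwords.
MIN_LEN, MAX_LEN = 6, 30

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, " ", string.punctuation)

def charset_size(password):
    """Alphabet size a character-by-character search must cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the ASCII classes are counted individually (a lower bound).
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size

def brute_force_bits(password):
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(password):
    """Bits if whole lowercase words are guessed from a wordlist, else None."""
    words = password.split(" ")
    if len(words) < 2 or not all(w.isalpha() and w.islower() for w in words):
        return None
    return len(words) * math.log2(WORDLIST_SIZE)

def estimate(password):
    """Return (bits, years to exhaust) under the cheaper of the two attack models."""
    bits = brute_force_bits(password)
    wb = wordlist_bits(password)
    if wb is not None:
        bits = min(bits, wb)
    return bits, 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def fits_forum_limit(password):
    return MIN_LEN <= len(password) <= MAX_LEN

if __name__ == "__main__":
    for pw in ("this is an incredibly insecure password", "6Word5"):
        bits, years = estimate(pw)
        print(f"{len(pw):2d} chars  {bits:6.1f} bits  {years:.3g} years  "
              f"fits 6-30 limit: {fits_forum_limit(pw)}")
```

Even when the passphrase is scored as six dictionary words rather than 39 characters, it remains far stronger than the six-character password, yet it is the one the 30-character cap rejects.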