Now that you're hacked, allow strong passwords

Posted: Mon Feb 29, 2016 3:29 pm
by dragon-dragon_dragon
It looks like some guy was able to randomly download sensitive info from your database? Bummer. I thought I'd suggest allowing people to use actual strong passwords for their accounts on the forums. I just read the email regarding your security fail and tried updating my password with an auto-generated one. The new password was rejected because "the password was too long."

Re: Now that you're hacked, allow strong passwords

Posted: Mon Feb 29, 2016 4:56 pm
by xenopeek
Maximum password length is 30 characters. How long is long enough?

Re: Now that you're hacked, allow strong passwords

Posted: Mon Feb 29, 2016 6:29 pm
by Cosmo.
Mh, did this user quote the forum software wrong or does the software give wrong advice (20 vs. 30 characters)?

Re: Now that you're hacked, allow strong passwords

Posted: Mon Feb 29, 2016 7:00 pm
by zerozero
confusion there (I believe) between username and password:
username: 3 to 20 characters;
password: 6 to 30 characters.

Re: Now that you're hacked, allow strong passwords

Posted: Sat Apr 30, 2016 11:02 pm
by not_Daniel
Setting arbitrary conditions on the password is a misguided sense of security when the real value is length itself.

Password #1: "this is an incredibly insecure password"
is much more security-valuable compared to:
Password #2: "6Word5"

Password #1 will take 24 quattuordecillion years to crack versus password #2 -- which would take 1 second to crack (assuming the usual unsalted hashes that are not unique per user.)
Source.
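
An added example, not part of any post in this thread: a Python sketch that estimates the search space for the two passwords quoted above, first as a character-by-character brute force and then, for the passphrase, as a word-by-word guess. The guess rate, the 33-symbol pool and the 7776-word list size are assumptions chosen for illustration, not figures from the thread or its source.

```python
import math
import string

# Assumed attacker speed against fast, unsalted hashes (constructed figure).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the smallest standard character pool that covers the password."""
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    size = sum(len(p) for p in pools if any(c in p for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # assumption: space plus the 32 ASCII punctuation characters
    return size


def brute_force_bits(password):
    """Bits of search space when every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(password, wordlist_size=7776):
    """Bits when whole words are guessed from a list (assumed Diceware-sized)."""
    return len(password.split()) * math.log2(wordlist_size)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try the whole search space at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    long_pw = "this is an incredibly insecure password"  # Password #1 above
    short_pw = "6Word5"                                   # Password #2 above
    for label, bits in [
        ("#1, per character", brute_force_bits(long_pw)),
        ("#1, per word", passphrase_bits(long_pw)),
        ("#2, per character", brute_force_bits(short_pw)),
    ]:
        print(f"{label:18s} {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
```

Under these assumptions the long passphrase keeps a large margin over the short password even when it is attacked word by word, although that margin is far smaller than the per-character figure suggests.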