When I signed up here, you made me compose a forum password according to such arbitrary rules:
Password must be between 10 characters and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.
I mean, sure, the password must be secure, but how did you come up with such arbitrary rules that the password must consist of letters in mixed case, numbers, and symbols? Is there a specific online security expert body which still gives out guidelines along these lines in 2018?
For some better ideas on forum password rules, you may want to consult with: https://nakedsecurity.sophos.com/2016/0 ... d-to-know/
The section "The don’ts":
No composition rules
Let people choose freely, and encourage longer phrases instead of hard-to-remember passwords or illusory complexity such as pA55w+rd.
How am I supposed to conveniently interact with the forum from a mobile device if I had to enter passwords like &%#@_?
I sincerely hope that the resources you spare on security and design decisions for your forum are all concentrated on making the core OS better.
Password guidelines for a modern online forum, like Linux Mint Forums
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
Re: Password guidelines for a modern online forum, like Linux Mint Forums
Is it new that the passwords here must contain a symbol? I don't have a symbol in mine.
Re: Password guidelines for a modern online forum, like Linux Mint Forums
IIRC this has been changed after the attack against the Mint website 2 years ago. There exist different opinions regarding the security rules for passwords. The solution is simple: use a password manager to fill in the credentials (like KeePassX) and the arguments against composition rules reduce to zero. I have such a strong password - a separate one for every account I have - and entering them manually would really be a difficult task (with likely many wrong login attempts because of a typo). But actually I have never typed the passwords myself and I do not even know them. (Of course I could look them up in my password manager, but I really do not know why I should want to do that.)
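An added example, not part of any post in this thread and not the forum's own code: the composition rule quoted in the first post, next to a length-plus-blocklist check with no composition rules, run over constructed sample passwords. The blocklist, the substitution table, the 64-character upper bound, and treating "symbol" as any non-alphanumeric, non-whitespace character are assumptions.

```python
import re

# Constructed sample blocklist (assumption); a real one would hold many common passwords.
COMMON = {"password", "letmein", "qwerty", "linuxmint"}

# Assumed table of common substitutions; "+" -> "o" follows the pA55w+rd example above.
SUBSTITUTIONS = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s",
                               "0": "o", "+": "o", "3": "e", "1": "i", "!": "i"})


def composition_policy(pw):
    """Rule quoted in the first post: 10-32 chars, mixed case, a digit, a symbol."""
    return (10 <= len(pw) <= 32
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9\s]", pw) is not None)  # assumed symbol class


def normalized(pw):
    """Lowercase, drop trailing digit/symbol padding, then undo substitutions."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(SUBSTITUTIONS)


def length_policy(pw, min_len=10, max_len=64):
    """No composition rules: length bounds plus a blocklist lookup on the normalized form."""
    return min_len <= len(pw) <= max_len and normalized(pw) not in COMMON


def compare(passwords):
    """Return {password: (passes composition rule, passes length rule)}."""
    return {pw: (composition_policy(pw), length_policy(pw)) for pw in passwords}


# Constructed sample inputs.
SAMPLES = ["pA55w+rd", "Pa55w+rd12", "correct horse battery staple"]

if __name__ == "__main__":
    for pw, (comp, length) in compare(SAMPLES).items():
        print(f"{pw!r:34} composition={comp!s:5} length+blocklist={length}")
```

The padded variant of a common word satisfies every composition requirement, while the long phrase is rejected only for lacking an uppercase letter, a digit and a symbol.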