Password length

Started by JoeTF, November 20, 2005, 06:19:07 PM

JoeTF

Hello,
Could you please reconsider your password length requirements (8 bloody letters!)?
You can have a secure password that is shorter. Now I had to create some very stupid password and write it down in notepad (sorry, I can only remember so many passwords!). How is that supposed to be more secure?
Consider putting it to standard 6 letters and if needed, enforce special character or two if needed.

rakuli

Can you not just take your standard 6 character password and prefix or append some characters?

rakuli would become 01rakuli.

I find this helps as a naming convention for passwords. I believe 8 letters is becoming the new standard anyway.

Alexandre P.

In SMF 1.1, you can set how secure you would like your users' passwords to be. When going to Admin -> Registration -> Settings, you can set the password strength to low (4 char. min.), medium (8 char. min. + cannot contain username) or high (8 char. min. + cannot contain username + has to have a mixture of upper and lowercase letters + at least one number).
Aucun support par M.P., courriel ou messagerie instantanée / No support by P.M., email or I.M.
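
The three strength levels described in the post above, written out as a small checker. This is an added example, not SMF's own code and not part of any post in this thread; the function names, the rule labels and the case-insensitive username comparison are assumptions, and the sample passwords are constructed (apart from "01rakuli", which is the example given earlier in the thread).

```python
# Added illustration; not SMF source code.
import re

# Tiers as described in the post: minimum length plus extra rules.
LEVELS = {
    "low": {"min_len": 4, "no_username": False, "mixed": False},
    "medium": {"min_len": 8, "no_username": True, "mixed": False},
    "high": {"min_len": 8, "no_username": True, "mixed": True},
}


def check_password(password, username, level):
    """Return a list of rule violations; an empty list means accepted."""
    rules = LEVELS[level]
    problems = []
    if len(password) < rules["min_len"]:
        problems.append("too_short")
    # Assumption: containment is compared case-insensitively.
    if rules["no_username"] and username and username.lower() in password.lower():
        problems.append("contains_username")
    if rules["mixed"]:
        if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
            problems.append("needs_upper_and_lower")
        if not re.search(r"[0-9]", password):
            problems.append("needs_digit")
    return problems


def report(samples, username):
    """Map each sample password to its violations at every level."""
    return {
        pw: {lvl: check_password(pw, username, lvl) for lvl in LEVELS}
        for pw in samples
    }


if __name__ == "__main__":
    # Constructed samples; "01rakuli" is the example from the thread.
    for pw, result in report(["rakuli", "01rakuli", "Tr33house9x"], "rakuli").items():
        print(pw, result)
```

Under these rules a password built by padding the username to eight characters passes the length check but is still rejected at the medium and high levels.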

MaSt3R

I think you should keep with the six-letter password not to be a pain, but I've always used six-letter words and never had a user account stolen... why don't you try encrypting the passwords ;)
Admin of Wicked-messenger.info

VB COD3R

Angie

Quote from: MaSt3R on November 26, 2005, 04:34:39 PM
I think you should keep with the six-letter password not to be a pain, but I've always used six-letter words and never had a user account stolen... why don't you try encrypting the passwords ;)

Decrypting the password is not possible; you can only try a hash collision, but not with regular machines (it needs big databases, and at the moment I know only MD5 DBs for this).

But, and this is more often the case than you think, passwords with 6 letters (in the worst case, passwords you can find in any dictionary) are easy to hack.

Passwords should be at least 8 letters long and should contain letters and digits.

Check your /var/log/messages file on your server and you'll know why.

lg angie
Greetings from Angie (fiancé of mediman ;-))


David

Just to make sure this is clear though, we do not store passwords in clear-text within the database. :)
This space for rent.
