Password Requirements

Post a reply

In an effort to prevent automatic submissions, we require that you complete the following challenge.
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :| :mrgreen: :geek: :ugeek: :arrow: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbup: :thumbdown: :salute: :wave: :wtf: :yawn: :facepalm: :bravo: :dance: :beard: :morebeard: :xmas: :HeHe: :trollface: :cookie: :rainbow: :monkeysee: :monkeysay: :happybday: :headwall: :offtopic: :superhappy: :terms: :beer:
View more smilies

BBCode is ON
[img] is OFF
[flash] is OFF
[url] is ON
Smilies are ON

Topic review

Expand view Topic review: Password Requirements

Re: Password Requirements

Post by Maniac » 10 Nov 2015, 09:07

Great, thanks Lexikos.

Re: Password Requirements

Post by lexikos » 10 Nov 2015, 04:11

Having a complex password is no less valuable on a site without HTTPS than one with HTTPS. Complexity requirements are also much, much easier to implement, and cost nothing.

They're also annoying. I've turned them off. I know that these requirements weren't in place a year ago.

I think it's common to require characters from a minimum number of categories (rather than all of specific categories), but phpBB only has the following settings:
  • No requirements (except length)
  • Must be mixed case
  • Must contain letters and numbers
  • Must contain symbols
These are mutually exclusive, but apparently "accumulative" - i.e. the setting it was on (the last one) requires mixed case letters, numbers and symbols.

Re: Password Requirements

Post by MasterFocus » 09 Nov 2015, 23:27

@Exaskryz: I use KeePass and I have no problems whatsoever. I've never tried any addons. You could probably try setting an auto-type routine for each relevant entry.

Re: Password Requirements

Post by Maniac » 09 Nov 2015, 11:51

And yes, to echo, the password requirements are crazy for a site with no important information. They're more stringent than most other sites I've been on.

Re: Password Requirements

Post by Exaskryz » 09 Nov 2015, 11:19

@guest3456 because password managers are clunky. Tried to use one on firefox (KeePass with KeeFox?), bugged out and would not at all accept my current password database, so, gve up on that. I just memorize all my different passwords. Makes it easier to login on different devices (such as using my university account to access the online library resources when I'm at the library, or just getting onto a computer).

But yes, https is a great suggestion before we start asking for complicated passwords anyway.

Re: Password Requirements

Post by guest3456 » 09 Nov 2015, 11:13

i too thought the pw requirements were a bit over the top

but does anyone really 'remember' passwords anymore? you should be using diff pws for each site, and storing them in a pw manager such as KeePass which is regularly backed up

Re: Password Requirements

Post by joedf » 09 Nov 2015, 09:43

very cool :+1:

Re: Password Requirements

Post by jNizM » 09 Nov 2015, 09:01

Jup. Thought the same while I saw the pw change page.

+1 for HTTPS and add to HTTPS Everywhere by EFF (I don't surf the net without since ~2 years)

Re: Password Requirements

Post by joedf » 09 Nov 2015, 08:59

Password Requirements

Post by Maniac » 09 Nov 2015, 08:36

I don't see the use of requiring numbers and symbols in a password on a site that doesn't even use https? Why should I be forced to remember a complicated password for a site where I can't even rely on it being safe when I'm in a public area?