Page 1 of 1

Password Requirements

Posted: 09 Nov 2015, 08:36
by Maniac
I don't see the use of requiring numbers and symbols in a password on a site that doesn't even use https? Why should I be forced to remember a complicated password for a site where I can't even rely on it being safe when I'm in a public area?

Re: Password Requirements

Posted: 09 Nov 2015, 08:59
by joedf

Re: Password Requirements

Posted: 09 Nov 2015, 09:01
by jNizM
Jup. Thought the same while I saw the pw change page.

+1 for HTTPS and add to HTTPS Everywhere by EFF (I don't surf the net without since ~2 years)

Re: Password Requirements

Posted: 09 Nov 2015, 09:43
by joedf
very cool :+1:

Re: Password Requirements

Posted: 09 Nov 2015, 11:13
by guest3456
i too thought the pw requirements were a bit over the top

but does anyone really 'remember' passwords anymore? you should be using diff pws for each site, and storing them in a pw manager such as KeePass which is regularly backed up

Re: Password Requirements

Posted: 09 Nov 2015, 11:19
by Exaskryz
@guest3456 because password managers are clunky. Tried to use one on firefox (KeePass with KeeFox?), bugged out and would not at all accept my current password database, so, gve up on that. I just memorize all my different passwords. Makes it easier to login on different devices (such as using my university account to access the online library resources when I'm at the library, or just getting onto a computer).

But yes, https is a great suggestion before we start asking for complicated passwords anyway.

Re: Password Requirements

Posted: 09 Nov 2015, 11:51
by Maniac
And yes, to echo, the password requirements are crazy for a site with no important information. They're more stringent than most other sites I've been on.

Re: Password Requirements

Posted: 09 Nov 2015, 23:27
by MasterFocus
@Exaskryz: I use KeePass and I have no problems whatsoever. I've never tried any addons. You could probably try setting an auto-type routine for each relevant entry.

Re: Password Requirements

Posted: 10 Nov 2015, 04:11
by lexikos
Having a complex password is no less valuable on a site without HTTPS than one with HTTPS. Complexity requirements are also much, much easier to implement, and cost nothing.

They're also annoying. I've turned them off. I know that these requirements weren't in place a year ago.

I think it's common to require characters from a minimum number of categories (rather than all of specific categories), but phpBB only has the following settings:
  • No requirements (except length)
  • Must be mixed case
  • Must contain letters and numbers
  • Must contain symbols
These are mutually exclusive, but apparently "accumulative" - i.e. the setting it was on (the last one) requires mixed case letters, numbers and symbols.

Re: Password Requirements

Posted: 10 Nov 2015, 09:07
by Maniac
Great, thanks Lexikos.