Passwords - Printable Version +- Woodnet Forums (https://www.forums.woodnet.net) +-- Thread: Passwords (/showthread.php?tid=7351082)

Passwords - Big Dave - 11-03-2019 Due to a slight computer issue I had to change my WoodNet password. After finally getting logged on - which seemed like a far more painful process than it should have been - I went to the proper page and typed in a familiar password of 6 characters. I received a message that the new password must contain "12-200 characters". Seriously? 12-200 characters? Can someone please explain to me the necessity for a 12-character minimum password? And between you & me, 200 seems a bit excessive for a maximum... Dave RE: Passwords - Stwood_ - 11-03-2019 200..........ayup.   I didn't have the 12 minimum screen pop up. Must be a relative new change. RE: Passwords - sysadmin - 11-04-2019 Sorry that you had trouble resetting your password, though I am glad you got it done. We are following the standard best-practice of a 12-character minimum password requirement at this time. https://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords We want to ensure that if someone should ever inadvertently obtain the password hashes for this site that they have a hard time reversing them, especially since many people tend to reuse passwords that they use for more important accounts on other sites. We discourage the reuse of passwords, but we cannot prevent it; that is up to you. If you are using the Latin alphabet for your passwords, then with modern processing capabilities, passwords with only 10 characters can be brute-forced on the order of days to weeks. 11 character passwords might take a decade. 12 character passwords, however, can be brute-forced on the order of centuries, so they are what is recommended. Keep in mind that these numbers are for brute-forcing only; shorter or commonly-used passwords can simply be looked up in pre-existing tables in seconds or less, and processing hardware is only going to get faster. The current recommended best practice for you to keep yourself safe while maintaining ease of use is to use a password manager. https://en.wikipedia.org/wiki/List_of_password_managers As far as the 200 limit goes, that is not necessary - that is just the maximum we allow because of table cell size limits in the database. RE: Passwords - Big Dave - 11-04-2019 Thanks for the explanation! I understand the need for security in today's world - we recently went to 10-character passwords at work. Of course, it appears we're already behind there now...   As for my trouble logging on, I apparently wasn't using the right combination of new/temporary password and the "I'm Not A Robot" box. Maybe it was just me, but it took, honestly, at least six attempts over two days....   Thanks again! Dave