#9
  
Due to a slight computer issue I had to change my WoodNet password. After finally getting logged on - which seemed like a far more painful process than it should have been - I went to the proper page and typed in a familiar password of 6 characters. I received a message that the new password must contain "12-200 characters". Sarcasm

Seriously? 12-200 characters?

Can someone please explain to me the necessity for a 12-character minimum password? And between you & me, 200 seems a bit excessive for a maximum...

Dave
"One should respect public opinion insofar as is necessary to avoid starvation and keep out of prison, but anything that goes beyond this is voluntary submission to an unnecessary tyrany, and is likely to interfere with happiness in all kinds of ways."
Reply

#10
  Passwords Big Dave Due to a slight comp...
200..........ayup. Laugh 
I didn't have the 12 minimum screen pop up. Must be a relative new change.
Steve





Working on 20,000 Winkgrin





Reply
#11
  Passwords Big Dave Due to a slight comp...
Sorry that you had trouble resetting your password, though I am glad you got it done. We are following the standard best-practice of a 12-character minimum password requirement at this time.

https://en.wikipedia.org/wiki/Password_s..._passwords

We want to ensure that if someone should ever inadvertently obtain the password hashes for this site that they have a hard time reversing them, especially since many people tend to reuse passwords that they use for more important accounts on other sites. We discourage the reuse of passwords, but we cannot prevent it; that is up to you.

If you are using the Latin alphabet for your passwords, then with modern processing capabilities, passwords with only 10 characters can be brute-forced on the order of days to weeks. 11 character passwords might take a decade. 12 character passwords, however, can be brute-forced on the order of centuries, so they are what is recommended. Keep in mind that these numbers are for brute-forcing only; shorter or commonly-used passwords can simply be looked up in pre-existing tables in seconds or less, and processing hardware is only going to get faster. The current recommended best practice for you to keep yourself safe while maintaining ease of use is to use a password manager.

https://en.wikipedia.org/wiki/List_of_password_managers

As far as the 200 limit goes, that is not necessary - that is just the maximum we allow because of table cell size limits in the database.
Reply
#12
  Passwords Big Dave Due to a slight comp...
Thanks for the explanation! Yes

I understand the need for security in today's world - we recently went to 10-character passwords at work. Of course, it appears we're already behind there now... Rolleyes 

As for my trouble logging on, I apparently wasn't using the right combination of new/temporary password and the "I'm Not A Robot" box. Maybe it was just me, but it took, honestly, at least six attempts over two days.... Sarcasm 


Thanks again!
Dave
"One should respect public opinion insofar as is necessary to avoid starvation and keep out of prison, but anything that goes beyond this is voluntary submission to an unnecessary tyrany, and is likely to interfere with happiness in all kinds of ways."
Reply
Passwords


Forum Jump:


Users browsing this thread: 1 Guest(s)