Re: Security, Passwords and validation logic

Anonymous · ‎01-03-2013

Passwords: Simple things, and most companies try enforce strict guidelines to help people define strong ones. Truncating passwords at a certain length, or removing sertain multi-byte characters is ridiculous. I hate not being able to use certain character of 16-20 character passwords using every type of charatcer possible.

Restricting between certain lengths, certain characters, or whatever pointless, annoying, ARGH -rantover

sheepdog · ‎01-03-2013

When you have to deal with multiple servers and multiple "doors" of getting to to the server, you learn to hate passwords with a vengance and create ones with simple yet conformist passwords. Then hope your keyboard doesn't have problems midway through entering it.

But I digress. There really isn't a standard and a lot of the methodology behind determining the password criteria is sometimes limited by the database, the programming language and the API which leads to a slowdown in performance to the user. The more encryption = slower it gets.

Liquid · ‎01-03-2013

In my opinion enough isn't done to enforce strong passwords on a lot of sites. O2 for example are happy to allow me to use my surname as a password (secure?).

Two step authentication and lockouts after multiple attempts are the way forward in my opinion.

Nothing sucks more than that moment during an argument when you realize you’re wrong. So Ive been told

Toby · ‎01-03-2013

What do you mean by 2-step authentication Liquid?

I think I know what you're saying, but please elaborate

Fancy writing a great device review or O2 forum guide? Send me a message!

Get involved:
• New to the community? This is how you get help.
• Want to know who we are? Come and say hi to us.
• Want to have a chat? Drop me a direct message.

perksie · ‎01-03-2013

There's a good explanation from the experts here:

http://support.google.com/accounts/bin/topic.py?hl=en&topic=28786&parent=14118&ctx=topic

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎02-03-2013

@Anonymous wrote:
Passwords: Simple things, and most companies try enforce strict guidelines to help people define strong ones. Truncating passwords at a certain length, or removing sertain multi-byte characters is ridiculous. I hate not being able to use certain character of 16-20 character passwords using every type of charatcer possible.

Restricting between certain lengths, certain characters, or whatever pointless, annoying, ARGH -rantover

Sorry but your point is what?

Argh is your post. -rantover

perksie · ‎02-03-2013

I suspect that OP was a spam test but we don't get many now, the old forum was plastered with them.

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎02-03-2013

@perksie wrote:
I suspect that OP was a spam test but we don't get many now, the old forum was plastered with them.
i would agree if it was not for the spelling mistakes!

jonsie · ‎02-03-2013

Perhaps the characters he was trying to write were disallowed?

Click Here For Social Media Support Links VirginmediaO2THIS IS NOT CUSTOMER SERVICE AND WE CANNOT ACCESS ACCOUNTS

Anonymous · ‎02-03-2013

Admittedly my point in the opening post was ambiguous, and badly written. I've made this complaint, generally within communities of software developers. It gets boring after the millionth time, but I can't stress enough on the point, and how basic it is.

Nevertheless, my point is, defining minimum requirements is perfectly reasonable to encourage users to set relatively strong passwords. But to limit passwords in any number of ways; from the length of characters allowed; the type of characters allowed; the order of what characters are allowed; is dumb.

The point above that describes the reason for limitation, due to technology used, such as databases or the encryption algorithm is irrelevant. O2 much like Tesco are too lazy to upgrade their logic or technology. Preventing the use of certain multibyte characters such as; tilde, dollar, euro, carot whilst allowing asterisks, exclamation mark and parenthesis is dumb. Truncating password length at 10 characters is also dumb. It just irritates me, I have a simple method of generating strong, unique passwords for systems I need to define them for. At minimum they are 16 characters. When a system says my password is invalid due to it exceeding 10 characters, or that I use a dollar symbol - it really bugs me, there is NO need for such stupidity.