cancel
Showing results for 
Search instead for 
Did you mean: 

Security, Passwords and validation logic

Anonymous
Not applicable

Passwords:  Simple things, and most companies try enforce strict guidelines to help people define strong ones.  Truncating passwords at a certain length, or removing sertain multi-byte characters is ridiculous.  I hate not being able to use certain character of 16-20 character passwords using every type of charatcer possible.

 

Restricting between certain lengths, certain characters, or whatever pointless, annoying, ARGH -rantover

Message 1 of 13
2,847 Views
12 REPLIES 12

sheepdog
Level 26: Upbeat
  • 3363 Posts
  • 31 Topics
  • 39 Solutions
Registered:

When you have to deal with multiple servers and multiple "doors" of getting to to the server, you learn to hate passwords with a vengance and create ones with simple yet conformist passwords. Then hope your keyboard doesn't have problems midway through entering it. 

 

But I digress. There really isn't a standard and a lot of the methodology behind determining the password criteria is sometimes limited by the database, the programming language and the API which leads to a slowdown in performance to the user. The more encryption = slower it gets. 

Message 2 of 13
2,590 Views

Liquid
Level 44: Clearly Talented
  • 5942 Posts
  • 98 Topics
  • 305 Solutions
Registered:
In my opinion enough isn't done to enforce strong passwords on a lot of sites. O2 for example are happy to allow me to use my surname as a password (secure?).

Two step authentication and lockouts after multiple attempts are the way forward in my opinion.
Nothing sucks more than that moment during an argument when you realize you’re wrong. So Ive been told wink
Message 3 of 13
2,577 Views

Toby
  • 11577 Posts
  • 520 Topics
  • 213 Solutions
Registered:
What do you mean by 2-step authentication Liquid?

I think I know what you're saying, but please elaborate slight_smile
Fancy writing a great device review or O2 forum guide? Send me a message!

Get involved:
• New to the community? This is how you get help.
• Want to know who we are? Come and say hi to us.
• Want to have a chat? Drop me a direct message.

Message 4 of 13
2,561 Views

perksie
Level 69: Guiding Light
  • 27019 Posts
  • 247 Topics
  • 1614 Solutions
Registered:

There's a good explanation from the experts here:

 

http://support.google.com/accounts/bin/topic.py?hl=en&topic=28786&parent=14118&ctx=topic

 

 

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 5 of 13
2,559 Views

Anonymous
Not applicable

@Anonymous wrote:

Passwords:  Simple things, and most companies try enforce strict guidelines to help people define strong ones.  Truncating passwords at a certain length, or removing sertain multi-byte characters is ridiculous.  I hate not being able to use certain character of 16-20 character passwords using every type of charatcer possible.

 

Restricting between certain lengths, certain characters, or whatever pointless, annoying, ARGH -rantover


Sorry but your point is what? 

Argh is your post. -rantover

Message 6 of 13
2,554 Views

perksie
Level 69: Guiding Light
  • 27019 Posts
  • 247 Topics
  • 1614 Solutions
Registered:

I suspect that OP was a spam test but we don't get many now, the old forum was plastered with them. Smiley LOL

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 7 of 13
2,552 Views

Anonymous
Not applicable

@perksie wrote:

I suspect that OP was a spam test but we don't get many now, the old forum was plastered with them. Smiley LOL

i would agree if it was not for the spelling mistakes!

 

Message 8 of 13
2,543 Views

jonsie
Level 94: Supreme
  • 95620 Posts
  • 612 Topics
  • 7137 Solutions
Registered:
Message 9 of 13
2,540 Views

Anonymous
Not applicable

Admittedly my point in the opening post was ambiguous, and badly written. I've made this complaint, generally within communities of software developers. It gets boring after the millionth time, but I can't stress enough on the point, and how basic it is.

Nevertheless, my point is, defining minimum requirements is perfectly reasonable to encourage users to set relatively strong passwords. But to limit passwords in any number of ways; from the length of characters allowed; the type of characters allowed; the order of what characters are allowed; is dumb.

The point above that describes the reason for limitation, due to technology used, such as databases or the encryption algorithm is irrelevant. O2 much like Tesco are too lazy to upgrade their logic or technology. Preventing the use of certain multibyte characters such as; tilde, dollar, euro, carot whilst allowing asterisks, exclamation mark and parenthesis is dumb. Truncating password length at 10 characters is also dumb. It just irritates me, I have a simple method of generating strong, unique passwords for systems I need to define them for. At minimum they are 16 characters. When a system says my password is invalid due to it exceeding 10 characters, or that I use a dollar symbol - it really bugs me, there is NO need for such stupidity.

Message 10 of 13
2,535 Views