Please consider changing the automatic passwords that users receive to something simpler
Current
c8gh7,.A6
Suggested
A1896456346
The ,. is difficult for some users to read
It's also more secure.
You should always use non-alphanumeric signs in passwords. It increases password security by some orders of magnitude.
And nobody I know types in the password from the mail. Literally everyone just copies and pastes it. And you should change it anyways after the first login, so you can choose a less secure password if you wish. But there is little reason to send out less secure passwords in the first place.
As a general question, how old are you? Many of my members are 60+ and send me emails when they can't read the password. Just because you copy and paste doesn't mean that all demographics copy and paste well, especially on smart phones and tablets.
On smart phones and tablets you can still double-tap. Personally I don't know that many 60+ year olds that run around with smart phones and tablets. In my experience, those devices are more commonly found in the group of people between 14-50.
Anyways, it doesn't change a single fact that alphanumeric passwords are - due to being alphanumeric - easier to attack than passwords with non-alphanumeric signs. I don't know about the culture in your country, but around here security and privacy are major concerns, especially for older people.
Btw, I do know people 80+ who browse the web and c&p stuff.
can we at least not use .,
I was in the hospital with my partner last week waiting for his haematologist and as a matter of fact there was an old lady, probably around 80, playing games on an iPad! I was secretly cheering her on and before you know it her phone rang and out came an iPhone! Techno Granny!
Hi
I just landed a commit for Community Framework 2.1 that changes the generation of passwords. Passwords as of Community Framework 2.1 will be alphanumeric only, with a length of 12 characters, instead of alphanumeric + 9 special characters and a length of 9 characters.
@Netzwerg The rationale behind the change was that length is more important than the size of the character set¹. Doing the raw math, the new algorithm yields about 16 bits more entropy than the old one.
Also: The password is transmitted via insecure mail anyway, so it does not really matter. Except in terms of user experience.
¹ Increasing the length by one yields a larger space compared to adding those 9 special characters that are currently used:
@TimWolla how about an option to choose if we want to include special characters or not? I'm just asking because in the ACP you have the option to require uppercase letters, lowercase letters, numbers and special characters for a password. Will this option and the password length you set there be taken into account for the password generation?
Hi
Will this option and the password length you set there be taken into account for the password generation?
The minimum length is taken into account, if it's greater than 12. The character set is fixed.
Thank you!
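The entropy comparison and the minimum-length rule discussed in this thread, as an added example that is not part of any post and not WoltLab's code. It assumes the alphanumeric set is the 62 characters a-z, A-Z, 0-9, that every character is drawn uniformly at random, and that the suggested format is one uppercase letter followed by ten digits; all function and constant names are hypothetical.

```python
import math
import secrets
import string

# Assumption: "alphanumeric" means a-z, A-Z, 0-9 (62 symbols).
ALPHANUMERIC = string.ascii_letters + string.digits
OLD_SPECIALS = 9   # the thread says 9 special characters; which nine is not stated
OLD_LENGTH = 9     # old scheme: 9 characters
NEW_LENGTH = 12    # new scheme: 12 characters, alphanumeric only


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)


def generate_password(configured_min_length: int = 0) -> str:
    """New-style password: the configured minimum applies only if above 12."""
    length = max(NEW_LENGTH, configured_min_length)
    # secrets uses the OS CSPRNG; random.choice would be predictable.
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def compare() -> dict:
    """Entropy in bits for each scheme mentioned in the thread."""
    old = entropy_bits(len(ALPHANUMERIC) + OLD_SPECIALS, OLD_LENGTH)
    new = entropy_bits(len(ALPHANUMERIC), NEW_LENGTH)
    # Footnote's claim: one extra alphanumeric character beats adding 9 specials.
    one_longer = entropy_bits(len(ALPHANUMERIC), OLD_LENGTH + 1)
    # Assumed reading of the suggested "A1896456346": 1 uppercase letter + 10 digits.
    suggested = entropy_bits(26, 1) + entropy_bits(10, 10)
    return {
        "old_bits": old,
        "new_bits": new,
        "gain_bits": new - old,
        "old_length_plus_one_bits": one_longer,
        "suggested_bits": suggested,
    }


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:26s} {bits:6.2f}")
    print("sample:", generate_password(), generate_password(16))
```
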