Posts: 6,755
Threads: 0
Joined: Aug 2001
Location: Post Falls, ID
Due to a slight computer issue I had to change my WoodNet password. After finally getting logged on - which seemed like a far more painful process than it should have been - I went to the proper page and typed in a familiar password of 6 characters. I received a message that the new password must contain "12-200 characters".
Seriously? 12-200 characters?
Can someone please explain to me the necessity for a 12-character minimum password? And between you & me, 200 seems a bit excessive for a maximum...
Dave
"One should respect public opinion insofar as is necessary to avoid starvation and keep out of prison, but anything that goes beyond this is voluntary submission to an unnecessary tyranny, and is likely to interfere with happiness in all kinds of ways."
Posts: 24,145
Threads: 2
Joined: Sep 2003
Location: Missouri
200..........ayup.
I didn't have the 12 minimum screen pop up. Must be a relatively new change.
Steve
Mo.
I miss the days of using my dinghy with a girlfriend too. Zack Butler-4/18/24
The Revos apparently are designed to clamp railroad ties and pull together horrifically prepared joints
WaterlooMark 02/9/2020
Posts: 485
Threads: 4
Joined: Dec 2002
Sorry that you had trouble resetting your password, though I am glad you got it done. We are following the standard best-practice of a 12-character minimum password requirement at this time.
https://en.wikipedia.org/wiki/Password_s..._passwords
We want to ensure that if someone should ever inadvertently obtain the password hashes for this site that they have a hard time reversing them, especially since many people tend to reuse passwords that they use for more important accounts on other sites. We discourage the reuse of passwords, but we cannot prevent it; that is up to you.
If you are using the Latin alphabet for your passwords, then with modern processing capabilities, passwords with only 10 characters can be brute-forced on the order of days to weeks. 11-character passwords might take a decade. 12-character passwords, however, can be brute-forced on the order of centuries, so they are what is recommended. Keep in mind that these numbers are for brute-forcing only; shorter or commonly-used passwords can simply be looked up in pre-existing tables in seconds or less, and processing hardware is only going to get faster. The current recommended best practice for you to keep yourself safe while maintaining ease of use is to use a password manager.
https://en.wikipedia.org/wiki/List_of_password_managers
As far as the 200 limit goes, that is not necessary - that is just the maximum we allow because of table cell size limits in the database.
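The policy described in the post above, as an added example that is not part of the original thread and is not WoodNet's code: a server-side check for the 12-200 length rule and a common-password lookup, a keyspace estimate, and salted slow hashing for storage. The guess rate, the 52-letter alphabet, the PBKDF2 settings and the sample password list are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LEN, MAX_LEN = 12, 200           # limits quoted in the thread
COMMON = {"password1234", "qwertyuiop12", "woodworking1"}  # constructed sample list
ASSUMED_GUESSES_PER_SEC = 1e10       # assumption: offline attack on a fast hash
PBKDF2_ITERATIONS = 600_000          # assumption: not the site's real setting

def check_policy(pw):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")
    if pw.lower() in COMMON:         # lookup beats brute force for known passwords
        problems.append("commonly used")
    return problems

def brute_force_years(length, alphabet=52, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case years to try every password of exactly this length."""
    return alphabet ** length / rate / (365 * 24 * 3600)

def hash_password(pw, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; the salt defeats precomputed lookup tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_password(pw, salt, digest, iterations=PBKDF2_ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(pw, salt, iterations)[1], digest)

if __name__ == "__main__":
    for n in (10, 11, 12):
        print(f"{n} chars: about {brute_force_years(n):,.1f} years at the assumed rate")
    print(check_policy("abcdef"), check_policy("correct horse battery"))
```

Each added character multiplies the search space by the alphabet size, and the slow hash divides the attacker's guess rate, so the printed figures move with both assumptions.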
Posts: 6,755
Threads: 0
Joined: Aug 2001
Location: Post Falls, ID
Thanks for the explanation!
I understand the need for security in today's world - we recently went to 10-character passwords at work. Of course, it appears we're already behind there now...
As for my trouble logging on, I apparently wasn't using the right combination of new/temporary password and the "I'm Not A Robot" box. Maybe it was just me, but it took, honestly, at least six attempts over two days....
Thanks again!
Dave
"One should respect public opinion insofar as is necessary to avoid starvation and keep out of prison, but anything that goes beyond this is voluntary submission to an unnecessary tyranny, and is likely to interfere with happiness in all kinds of ways."