Login

Big Dave · 11-03-2019, 05:03 PM

Due to a slight computer issue I had to change my WoodNet password. After finally getting logged on - which seemed like a far more painful process than it should have been - I went to the proper page and typed in a familiar password of 6 characters. I received a message that the new password must contain "12-200 characters".
Sarcasm

Seriously? 12-200 characters?

Can someone please explain to me the necessity for a 12-character minimum password? And between you & me, 200 seems a bit excessive for a maximum...

Dave

Stwood_ · 11-03-2019, 05:53 PM

200..........ayup.
Laugh

I didn't have the 12 minimum screen pop up. Must be a relative new change.

***sysadmin*** · 11-04-2019, 01:00 PM

Sorry that you had trouble resetting your password, though I am glad you got it done. We are following the standard best-practice of a 12-character minimum password requirement at this time.

https://en.wikipedia.org/wiki/Password_s..._passwords

We want to ensure that if someone should ever inadvertently obtain the password hashes for this site that they have a hard time reversing them, especially since many people tend to reuse passwords that they use for more important accounts on other sites. We discourage the reuse of passwords, but we cannot prevent it; that is up to you.

If you are using the Latin alphabet for your passwords, then with modern processing capabilities, passwords with only 10 characters can be brute-forced on the order of days to weeks. 11 character passwords might take a decade. 12 character passwords, however, can be brute-forced on the order of centuries, so they are what is recommended. Keep in mind that these numbers are for brute-forcing only; shorter or commonly-used passwords can simply be looked up in pre-existing tables in seconds or less, and processing hardware is only going to get faster. The current recommended best practice for you to keep yourself safe while maintaining ease of use is to use a password manager.

https://en.wikipedia.org/wiki/List_of_password_managers

As far as the 200 limit goes, that is not necessary - that is just the maximum we allow because of table cell size limits in the database.

Big Dave · 11-04-2019, 06:36 PM

Thanks for the explanation!
Yes

I understand the need for security in today's world - we recently went to 10-character passwords at work. Of course, it appears we're already behind there now...
Rolleyes

As for my trouble logging on, I apparently wasn't using the right combination of new/temporary password and the "I'm Not A Robot" box. Maybe it was just me, but it took, honestly, at least six attempts over two days....
Sarcasm

Thanks again!
Dave

Login
	Lost Email?
Password:	Lost Password?
	Remember me

*If you are unable to login and cannot reset your password, the fastest way to contact us is by creating a temporary account and sending a pm to the sysadmin account.

Product Recommendations