Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Robin Winslow Morris 20 posts 82 karma points
    Jan 14, 2013 @ 17:03
    Robin Winslow Morris
    0

    Should member passwords really contain 1 non alpha numeric character?

    Default Umbraco offers this helpful hint when choosing a password for members:

    Password: The password should be a minimum of 7 characters long and contain at least 1 non-alpha numeric character(s)

    There are plenty of password cracking algorythms out there that are very good at predicting where people will use non-apha-numeric characters in their passwords, such that they really don't make the password that much stronger. See: http://xkcd.com/936/. It is *always* more beneficial to make a password longer instead. I.e. compose it of multiple words. Easy for humans to remember, hard for computers to guess.

    I would like to suggest that this particular tip is removed, because I would like to advise users in my organisation *not* to use random capitals, numbers or non alpha-numeric characters because it's far more useful that a person be able to accurately remember their password than the very slight complexity that this adds for a cracking algorythm.

    Thoughts?

  • Lee Kelleher 3886 posts 14629 karma points MVP 9x admin c-trib
    Jan 15, 2013 @ 10:58
    Lee Kelleher
    101

    Hi Robin,

    I guess the message was put in as a guideline a long time ago. Of course, general opinions towards password strengths/patterns are changing/evolving.

    I'd suggest raising a ticket on the issue tracker with any suggestions/improvements you have.  Also opens it up to further discussion amongst the core team.

    http://issues.umbraco.org/issues/U4#newissue=yes

    Thanks, Lee.

  • Robin Winslow Morris 20 posts 82 karma points
    Jan 15, 2013 @ 14:09
    Robin Winslow Morris
    1

    Thanks Lee

    Glad you agree, I've created a ticket: http://issues.umbraco.org/issue/U4-1477

    Robin

Please Sign in or register to post replies

Write your reply to:

Draft