Allow longer passwords
- Thread starter yak
- Start date
Is it asking a lot? If it's just a matter of adjusting a config number from 30 to 45, then no, it's not. If it's more troublesome than that, or a time sink just finding where such a value might be hidden, then I've got no interest in wasting Admin's time with it.
I only asked because I ran into the block. It was trivial for me to reduce the pass phrase, but it's something I almost never have to do on other sites. Maybe my pass phrase was longer than usual - it didn't seem so to me, this is the first time I've had to count characters in years - but maybe every other site I've signed up to has a 30 character limit and I've always just slipped under it. I dunno; I've never needed to check.
That's a broad and sweeping statement. The only times I've hit a password length barrier before this, was when it was limited to something really small like a dozen characters or thereabouts. I haven't seen one like that in quite a while though. Most sites allow longer passwords nowadays - at least in my own experience.
I use passphrases, rather than passwords, because it's easy to come up with something unique and memorable for each site, which is also very hard to crack. I don't need to look up a password, use a password keeper, or recycle the same password for dozens of sites. Passphrases, by their nature, are going to be long; they're a growing trend.
30 charas is long enough to come up with a decent passphrase, but if I've hit the limit, then I'm sure there must be others who will too, so I thought it'd be the decent thing to bring it to Admin's attention and let him make the call.
I only asked because I ran into the block. It was trivial for me to reduce the pass phrase, but it's something I almost never have to do on other sites. Maybe my pass phrase was longer than usual - it didn't seem so to me, this is the first time I've had to count characters in years - but maybe every other site I've signed up to has a 30 character limit and I've always just slipped under it. I dunno; I've never needed to check.
That's a broad and sweeping statement. The only times I've hit a password length barrier before this, was when it was limited to something really small like a dozen characters or thereabouts. I haven't seen one like that in quite a while though. Most sites allow longer passwords nowadays - at least in my own experience.
I use passphrases, rather than passwords, because it's easy to come up with something unique and memorable for each site, which is also very hard to crack. I don't need to look up a password, use a password keeper, or recycle the same password for dozens of sites. Passphrases, by their nature, are going to be long; they're a growing trend.
30 charas is long enough to come up with a decent passphrase, but if I've hit the limit, then I'm sure there must be others who will too, so I thought it'd be the decent thing to bring it to Admin's attention and let him make the call.
-
Approve
1
- Show all
I'm paranoid enough I like longer passwords too... generally in the 10-12 character range. Though I vary it and change it at random.
I've seen commercial on-line purchasing sites with 6 and 7 character limits.
Considering there is no financial information on this site, no social security, state ID, license info or other stuff like addresses and even location being entered is optional, and most do not use full real names, cannot really see how it matters all that much.
I've seen commercial on-line purchasing sites with 6 and 7 character limits.
Considering there is no financial information on this site, no social security, state ID, license info or other stuff like addresses and even location being entered is optional, and most do not use full real names, cannot really see how it matters all that much.
-
Approve
1
- Show all
There's no reason to disallow long passwords, because the storage of such things is trivial until you get to novella-length codes. Also, long passphrases, as the linked XKCD should say, are more secure against brute forcing than any other password style while being easy to remember.
-
Approve
1
- Show all
With proper password schemes, the storage really doesn't matter if your password is zero characters long or one petabyte long. They should all get cryptographically hashed and salted, multiple times (PBKDF2). With the broken MD5 cryptographic hash, its hex representation is 32 bytes long; with the arguably broken SHA-1, it is 40 bytes long; with SHA-512, it is 128 bytes long.
However, this doesn't mean that we can lower the length of passwords to zero characters long. Testing from zero characters to a few characters long can be cheap, depending on how computationally expensive your password scheme is. We are still better off using passwords eight characters long or longer.
However, this doesn't mean that we can lower the length of passwords to zero characters long. Testing from zero characters to a few characters long can be cheap, depending on how computationally expensive your password scheme is. We are still better off using passwords eight characters long or longer.
-
Approve
1
- Show all
I'm not saying to disallow long passwords, why would I ask to make them smaller if people have no problem with it? but unless it's just "change this variable here and it's done", which I really doubt but I admit to having no php knowledge myself, making them bigger will just give the admins a headache. As I said, many sites give you a limit of 15 tops, here we have 30 which is more than enough for sentences if you're not being wasteful, I see no real reason to go through the trouble to make them even bigger.
-
Approve
1
- Show all
It really is a matter of "change this variable here and it's done". Whenever you see an upper limit to password length, it is almost always some form of
Proper password schemes have no real upper limits. If you really want, you can theoretically use the contents of your entire hard disk as your password, but that would be silly and slow and bad.
I hope that helps.
Code:
if (strlen(password) is greater than 30) {
return "Your password must be 30 characters or less.";
}I hope that helps.
-
Approve
1
- Show all
