Mandatory Password Lengths

Discussion in 'Site and Forum Feedback' started by OutThere, Nov 28, 2005.

  1. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #1
    Hey...I've been thinking, since for the past year or so I've had a 1-character long password :eek: :p for the forums, maybe we should ask the powers that be to put in a minimum password length.

    Now, I understand that it's really stupid to have very simple passwords, but it's also asking for trouble to allow 1 or even 2 character passwords.

    Instead of starting a dialogue directly with arn I felt I'd post here and see what other people felt about it. Even though we've never, to my knowledge, had a major password-stealing issue here, it might be a good idea to enable some sort of minimum length for them...what do you all think?

    my password is no longer just one character, for all of you who are about to run off and start trying to log in as me!:rolleyes:
     
  2. clayj macrumors 604

    clayj

    Joined:
    Jan 14, 2005
    Location:
    visiting from downstream
    #2
    I agree completely. 6 characters should be the minimum length.
     
  3. emw macrumors G4

    emw

    Joined:
    Aug 2, 2004
    #3
    MUWAHAHAHA! None of you are safe! emw thought he had a good password but I hacked it anyway! Fool.

    Alright, it's really me (I swear :D) but in reality, I don't know that password limiting is all that helpful here. If someone really wanted to login as you, they could - assuming you get unlimited login choices. Half the battle is already lost, since our login user names are the same as our member IDs. If someone first had to get my user name and then work at my password, it's more difficult. Now, they just need the password.

    That being said, I'm now changing my password.
     
  4. Kobushi macrumors 6502a

    Kobushi

    Joined:
    Jun 7, 2005
    Location:
    Right behind you.
    #4

    Of course not. It's 2! :)

    yeah, I would agree with the both of ya. Minimum password lengths are a good idea and 6 is a good one to go with (although mine is longer)
     
  5. Lacero macrumors 604

    Lacero

    Joined:
    Jan 20, 2005
    #5
    I pity the fool who chooses to use 1 digit passwords!

    Here's to the Crazy Ones [​IMG]
     
  6. buryyourbrideau macrumors 65816

    buryyourbrideau

    Joined:
    Mar 1, 2005
    Location:
    Chicago
    #6
    For what reason would someone want to infiltrate your MR account...

    To come onto the forums and talk trash?

    :eek:
     
  7. Lacero macrumors 604

    Lacero

    Joined:
    Jan 20, 2005
    #7
    Not on MR... although some of the professional forums I visit where we talk trade, there are always a few who like to stir up crap and cause trouble for the peevish majority. They do it because people in my trade have big egos, and there are trolls who want to discredit or humiliate the other person by snide comments and taking on imposter alter egos.

    This problem doesn't exist on MR, thank-god.

    Here's to the Crazy Ones [​IMG]
     
  8. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #8
    A minimum password length would be a good idea, but I don't think vBulletin has an option for it. It does enforce a minimum username length (3 characters) but not one for passwords.

    We have never had a report that somebody guessed a password and misused someone else's account, but it could happen in theory, and the infiltrator could gather personal information such as your e-mail address that MacRumors itself would never give out, so having an unguessable password is a good habit.

    I hope nobody finds out that my password is "Q". That's the only letter on my keyboard, and "QQ", "QQQ", etc. are unpronounceable for my voice input software, so "Q" was the only choice I had ;)
     
  9. Jedi128 macrumors 6502

    Joined:
    Jul 7, 2005
    Location:
    New York, NY
    #9
    Ummm, personally I hate when some website/forum tells me my password has to be 100 characters in length or they won't allow it. Let everyone worry about there own @$$! If they want to make a one character password, let them! We're not ur mommy!
     
  10. Mitthrawnuruodo Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #10
    I like to go for the passwords too stupid to guess, like my all time favourite (from a Dilbert cartoon), six asterisks: ******

    :D

    Edit: On second thought I just had to go change my MR password from an equally stupid password to something a bit harder to guess... :eek: ;)
     
  11. Apple Hobo macrumors 6502a

    Apple Hobo

    Joined:
    Mar 19, 2004
    Location:
    A series of tubes
    #11

    ^^what Jedi said.

    For an informal forum, strong passwords are overkill. Now for my online bank access, I use letters & numbers. :cool:
     
  12. Lau Guest

    #12
    I know what you mean here. I have a system regarding passwords (I'm such a geek :D ) and I hate it when, say, Hotmail says "Nooo, you can't use your insecure password here" and I'm like "Er, I only use hotmail for spam. Please let me use whatever I like". I appreciate the warning, because not everyone's aware, but please don't actually restrict me. Just because Hotmail thinks it's important enough for secure passwords doesn't mean I think so. :p
     
  13. cjc343 macrumors 6502

    Joined:
    Jan 6, 2004
    Location:
    In the apple store, in front of a G5.
    #13
    My computer password is currently 20 characters. I was thinking about including the german double-s or some other rarely-used character that I don't know how to type on a Windows machine for (part of) my next password, but then I'd need to learn how to type it... and make sure I could type it in DOS...

    I once calculated how long it would take to crack my password assuming you used all the proper character sets. I assumed somewhere along the lines of 10 million passwords per second and still figured it would take a few decades to break it... I wish I had written down that number...

    It's been a few months... I need to go change all my passwords again...
     
  14. sushi Moderator emeritus

    sushi

    Joined:
    Jul 19, 2002
    Location:
    キャンプスワ&#
    #14
    I once had a very secure log in system.

    You had to enter three passwords correctly in the proper order to the same prompt to get in.

    For example:

    Password Account A?
    Password Account A?
    Password Account A?

    So for the first one, if you made a mistake, it replied the same as if you entered the correct password.

    This was back in the old terminal days were the password was printed on paper then over stroke a few times.

    There were a few folks who tried to break my password system. None did.

    I loved that system.

    As for MR, I would say that a minimum password length would be a good idea. Then again, if we were to go to that level, we should probably have a mix of letters (caps and smalls), numbers, punctuation, etc.

    Then again, maybe just leave it up to the individual.

    Sushi
     
  15. emw macrumors G4

    emw

    Joined:
    Aug 2, 2004
    #15
    I just signed up at spymac.com just for kicks, and I hate their whole security system. Passwords are restricted, you need a "character" code as well (pick 3 of 8 images in any order). It took me about 2 hours just to register (alright, a bit of an exaggeration).

    In all, for sites like this that contain essentially no personal information beyond e-mail addresses, a secure password seems to be overkill.
     
  16. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #16
    I've designed my own password-entry software and one of the tricks I invented was to allow or require backspaces in a password. The software has to be watching each keystroke, rather than using a standard text-entry field, to make this possible.

    A password like MACRUMOU(backspace)RS can be a bit harder for someone to steal even if they are looking over your shoulder as you type or sniffing packets on the network.

    If you are one of those people who uses your dog's name as your password, I suggest naming your dog "w45h:J%L6v". It makes calling him/her a little harder, but your accounts are safer! :)

    According to Gartner, the average office worker has 12 passwords and regularly forgets some of them. One study found that employees forget more than 4 passwords per year at a business cost of $9 per password.
     
  17. emw macrumors G4

    emw

    Joined:
    Aug 2, 2004
    #17
    I use my dog's nickname - l1ttl3 $#%!$@ ;)
     
  18. sushi Moderator emeritus

    sushi

    Joined:
    Jul 19, 2002
    Location:
    キャンプスワ&#
    #18
    Hey Q, how did you find out the name of my dog? ;)

    P.S. Please check gmail.

    Sushi
     

Share This Page