Change password truncates password

Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.
Have been having trouble logging in to the site a couple of times; have had to reset the password and log in every time.


It seems like change password silently truncates passwords while login does not. This leads to situations where if you change the password to something too long (and it thus gets truncated) you cannot log in and have to reset the password. This goes unnoticed since changing the password does not immediately require you to log in with it.


It seems to happen in the 32-64 character range.
 

PRR

Member
Joined 2003
Paid Member
> password over 32 characters

It should not be necessary to go over 32 characters. Yet.

xkcd: Password Strength
936: Password Strength - explain xkcd

Four simple words will take centuries to crack at 1,000 guesses per second.

This result is widely disputed; for example. OK, pick six words. And spice with some non-letters.

Want the machine to pick characters inhumanly?
XKPasswd - Secure Memorable Passwords

+Fifteen-Hurry-Season-Nice-0900
Thrown-Church-Perfect-Drink-0755
Hold-Hers-Wood-Chair-0155

Also DIYaudio is NOT your bank!! The forums gallery and wiki are not "precious" to most users. (Moderators need a little more care; at another place we have another layer of indirection.)
 

I get what you are saying, but you should not ever truncate passwords, you really shouldn't do it silently, and you especially shouldn't do it inconsistently.


Besides that, you should (if you actually care about security) use password managers, in which case it doesn't matter if the password is 10 or 128 characters; you don't have to remember it anyway.
 
Just another Moderator
Joined 2003
Paid Member
Unfortunately, almost everything I have ever worked with truncates passwords silently. It's not good because it leads people into a false sense of security. Linux and Unix used to truncate at 8 characters; it still worked if you typed in the long one because when it read the password it also truncated it.

Tony.
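The mismatch discussed in this thread, as an added example that is not part of the original posts and is not the forum software's code: one store truncates only on change-password, one truncates on both paths (the old Unix behaviour mentioned above), and one applies the same limit on both paths and rejects over-long input instead of cutting it. The 32-character cut-off, the 128-character limit, the class names and the PBKDF2 parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 32  # assumed cut-off; the thread only reports the 32-64 character range

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 parameters are illustrative, not taken from the forum software.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class InconsistentStore:
    """The reported behaviour: change-password truncates, login does not."""

    def __init__(self) -> None:
        self.salt, self.digest = os.urandom(16), b""

    def change_password(self, new: str) -> None:
        self.digest = _hash(new[:MAX_LEN], self.salt)  # silent truncation

    def login(self, attempt: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(attempt, self.salt))

class SymmetricTruncationStore(InconsistentStore):
    """Both paths truncate: login works, but extra characters add nothing."""

    def login(self, attempt: str) -> bool:
        return super().login(attempt[:MAX_LEN])

class StrictStore(InconsistentStore):
    """Same limit on both paths; over-long input is rejected, never cut."""

    LIMIT = 128  # assumed policy limit

    def change_password(self, new: str) -> None:
        if len(new) > self.LIMIT:
            raise ValueError(f"password longer than {self.LIMIT} characters")
        self.digest = _hash(new, self.salt)

    def login(self, attempt: str) -> bool:
        return len(attempt) <= self.LIMIT and super().login(attempt)

if __name__ == "__main__":
    long_pw = "correct-horse-battery-staple-and-then-some"  # constructed, 42 chars
    for store in (InconsistentStore(), SymmetricTruncationStore(), StrictStore()):
        store.change_password(long_pw)
        print(type(store).__name__, store.login(long_pw), store.login(long_pw[:MAX_LEN]))
```

A regression test for this class of bug sets a password at and just past every length boundary and then logs in with exactly the same string.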
 