Register forum user name Search FAQ

Gammon Forum

Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to "verify" your details, making threats, or asking for money, are spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the password reset link.
 Entire forum ➜ Forum ➜ Announcements ➜ Tighter rules for passwords

Tighter rules for passwords

Postings by administrators only.

Refresh page


Posted by Nick Gammon   Australia  (23,051 posts)  Bio   Forum Administrator
Date Sun 13 Nov 2016 12:43 AM (UTC)

Amended on Sun 13 Nov 2016 11:12 PM (UTC) by Nick Gammon

Message
Due to recent issues, the forum software now imposes tighter rules for your passwords if you choose to change them from the default one the forum issues.

Rules for passwords



  • Must be at least 10 characters long. Can be up to 50 characters long.
  • Must contain at least two numbers, two upper-case letters, two lower-case letters, and two punctuation characters.
  • Must not be in a dictionary of the most common 100 passwords (eg. "password" or "letmein")
  • May not consist of more than 4 of the same character in any position (eg. "A1A2A3A4" would not be allowed).
  • May not contain sequences of 3 or more characters going up or down (eg. "abc", "456", "ZYX", "765").
  • May not contain repeats of 3 or more characters in a row (eg. "aaa" or "666" would not be allowed).
  • May not end with a number (so you can't just add numbers to a word, like "gorilla489")
  • May not contain part of your user name (so if your name is "Barbara" the password can't be "barb9642")


Since the password isn't echoed as you type it, you may well want to type it into a text editor in case it gets rejected (because otherwise, you'll have to type it in again).

A more sensible solution is to use a password safe, like KeePass (Windows) or KeePassX (OS/X and Linux) which also generates random passwords for you.

Regrettably, the days of easy-to-remember passwords are effectively over. If you can remember it, it isn't secure. A possible exception would be a long phrase like "Correct.Horse.42.Battery.Staple". That follows the above rules (of course, don't use that exact phrase).* See Password Strength - xkcd cartoon.






* It doesn't follow the above rules any more because those words are now in the disallowed dictionary of common words. However the concept would follow the rules. Just choose different words.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
Top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.


8,022 views.

Postings by administrators only.

Refresh page

Go to topic:           Search the forum


[Go to top] top

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.