Welcome and bye bye {- forum password length}



  • I have become fond of the Win browser and decided, despite the chaotic nature of Vivaldi, to open an account. Quelle surprise...... 12 character password. Well, I use 8 character passwords in a way which suits me and which I am simply able to remember. There are many but at eight I am able to simply recall from memory and change and remember at will. So, big fail on requiring 12 characters. I do not write passwords anywhere and I do not store them electronically. Of course if someone is determined to learn the code then there is nothing anyone alive can do about that but all in all, my way of protecting passwords is excellent. 12 character code is useless to me and is an immense fail. I'm quite serious and for one and all involved with development I will point out that security very quickly impairs and ruins usability which..... as I understand things is what the entire project is about. I will forget this password because it is 12 characters and because I do not intend to spend forever more resetting the password, the account is useless and worse than useless in being stupidly frustrating as most admin edicts are. A 12 character password code is anti-usability and as dumb as ducks.

    There ya go. Totally useless advanced features. So sad.


  • Moderator

    @herosrest Sorry to hear that you feel this way.

    Well, I use 8 character passwords in a way which suits me and which I am simply able to remember.

    Okay, well, if you should change your mind then go with that and add 1234 to the end.



  • @herosrest said in Welcome and bye bye {- forum password length}:

    chaotic nature of Vivaldi

    OK, Vivaldi is clearly not for you, be happy with Chrome then.


  • Community Manager

    @herosrest we feel sad to see you go. 😢
    The reason why we are pushing for passwords with at least 12 letters is that, according to Intel, it takes 15 hours for hackers to crack an 8-letter password and 4'000'000 years to crack a 12-letter password.

    See it for yourself with their demo here 👉 https://gph.is/1j1BJEl



  • @gaelle Yes, but that still assumes they are able to obtain the actual password hash first, and you're not going to let that happen, are you? 😉

    Nobody in their right mind would brute-force a login dialog by trying several million combinations, their IP would most likely be blocked.

    Personally I think 8 letters is fine for most people... obtaining a password hash means security has failed miserably somewhere else and not in the length of the password...


  • Moderator

    @Pathduck said in Welcome and bye bye {- forum password length}:

    they are able to obtain the actual password hash first ....

    Their (NodeBB) control&access software is simple. The UI and the check boxes, where the admin defines the user auth

    @Pathduck said in Welcome and bye bye {- forum password length}:

    Nobody in their right mind would brute-force a login dialog by trying several million

    Lol, true. Remember, there was no Ryzen

    Lastly, I use a sentence as my pw, and change it regularly.

    Edited: removed unnecessary quotes



  • Well, it depends on how the passwords are stored in the database. If you use Argon2 with aggressive enough parameters, you could make it so the hash is nearly impossible to compute in the first place, let alone collisions. If the GPU farm is doing 10 hashes a second on a 1 megabyte key, it might take them a hot minute. You'll have to wait in line to log in of course if the server can only process 1 login a minute.

    If you have to rely on every service provider to keep you safe, eventually someone will fail and with an easy to crack password and password recycling, you're not doing yourself any favors. I'd recommend a password manager with unique and random passwords for every website. Then if any one website fails, they have a useless string of random characters unusable for anywhere else.
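
An added example, not part of any post in this thread: it estimates the worst-case offline search time for 8- and 12-character passwords from alphabet size and guess rate, and measures how a deliberately slow KDF lowers that rate. scrypt from Python's standard library stands in for Argon2 (which is not in the stdlib); the 26-letter alphabet and the KDF parameters are assumptions.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case years to try every candidate at an offline guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR

def fast_hash(password, salt):
    # A single salted SHA-256: cheap to compute, so cheap to guess against.
    return hashlib.sha256(salt + password).digest()

def slow_kdf(password, salt):
    # scrypt stands in for Argon2 here. Assumed parameters: n=2**14, r=8,
    # which costs about 16 MiB of memory per hash.
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)

def measure_guess_rate(hash_fn, rounds=5):
    """Hashes per second that one core of this machine manages with hash_fn."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"candidate-%d" % i, salt)
    return rounds / (time.perf_counter() - start)

def compare(alphabet_size=26, lengths=(8, 12)):
    """Rows of (scheme, length, years) using rates measured on this machine."""
    rows = []
    for name, fn in (("sha256", fast_hash), ("scrypt", slow_kdf)):
        rate = measure_guess_rate(fn)
        for length in lengths:
            rows.append((name, length, years_to_exhaust(alphabet_size, length, rate)))
    return rows

if __name__ == "__main__":
    for name, length, years in compare():
        print(f"{name:7s} {length:2d} lowercase letters: {years:.3g} years on one core")
```

The single-core figures are only a baseline; the ratios between rows are what carries over, since each extra character multiplies the work by the alphabet size and the slow KDF divides the guess rate for every candidate.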


  • Moderator

    Not only the storage, a safe Db. Passwords are sending and receiving data, hence .....

