I've only just joined the forum, and have a simple query regarding the login password.
When I created my profile I had to create what I thought was the most insanely long and complicated password otherwise my profile was not accepted. I am thinking that there was some fault at the time as the password length was way beyond what I would have thought was reasonable.
I appreciate that on this site stonger passwords may be required.
Maybe the rules have changed, but my password length was quite short and was (and is) accepted. It helps if you mix up letters and numbers, perhaps throw in a few random symbols, to improve the password strength. Length alone might be a factor if you stick to alpha or numeric. How long was the password you had to create?
My password was 48 characters long. My basic password which I use for many sites (which has a variance depending for each site) is 13 characters long inc' letters and numbers. I have another password 24 characters long inc' letters and numbers which I use for important stuff but even this was way below the 'required strength'. I basically had to double up my long password inc' various key changes and even this was only just strong enough to be accepted.
Google asked me if I wanted to save this password for this site, I said no but really should have said yes I think.Message was edited by: mikegml on 3/31/13 4:59:11 AM CDT
Sounds crazy. I'm going to create a throwaway account and see what it asks for. But if you somehow came in through Google (Chrome OS?) maybe there are other factors in play here.
Next user to post should be Everingham. Still me. Give me a while to sort it out.
Well, you may well be right about the password strength requirement being toughened up. It took me four tries before it would accept my password, although it accepted a length of 20 characters rather than 45. Possibly that's because I inserted non-alphanumeric characters in the final try. I'll have to ask why this was deemed necessary, and try to fins out what the minimum length is for alpha-only, alphanumeric only, and mixed alphanumeric/symbol passwords. An interesting experience, I haven't tried setting up a new account for quite a while.
I have a feeling that when I ask whose idea it was to tighten up password security on this site, the Site Admin is going to look askance at me and say the idea was mine. Last year, after LinkedIn was hacked (and others too) and passwords dumped by the million, I posted in an internal group a message with the heading "Is there any enforcement of password strength at account creation?". No-one replied to it, but that doesn't mean that no-one read it. I take it there wasn't before but there is now, and last year's theft of user details from all and sundry (and maybe my post as well) was the cue to tighten up security.
Still, 48 characters does seem very excessive.
I created a new account seconds ago and it was approximately eight characters long. It included a cap letter, lowercase and special character -- all the suggested requirements for a strong password. Without screen shots it's hard to judge if this was a temporary bug produced by us or not. Should it arise again, please post incidents to this thread so we can watch for trends and ensure the proper folks are investigating.
Thank you for bringing this to our attention, Mike.
Enterprise Community Manager, McAfee