Community password


#1

Why does this community need a 10 character password? That is absurd. Yes, I know I can log in using Facebook or Google + (neither of which I use – ironically for security reasons). Consider loosening your password requirements for the community.

-Aaron-


#2

I agree with Aaron. Maybe make it easier. I have a hard time remembering passwords.


#3

@AaronD12

Thank you for the suggestion! We take security very seriously but maybe 10 characters is a tad much.

I will pass this along to our community manager. Thank you for your support! Have a great weekend!


#4

Security or privacy, I’m not aware of any serious security issues with either vendors open auth? If you know of any please pass along.


#5

Password is now down to 8 characters!


#6

Thank you! While I am security-conscious, there are things that just don’t need strong passwords.

Taco Bell’s app is a perfect example. The password must be 8 characters long, have a capital letter, a number, and a symbol (e.g., # $ %). C’mon. To order a taco? :smirk:


#7

Nefarious characters can commit bad acts if they know how you like your tacos… think about how much that is worth. :taco::taco::taco:


#8

Well that is a financial transaction and subject to pci compliance…just saying


#9

I had to look again, but you’re right. They do cache credit card info. Makes me wonder why their security settings are higher than either of my bank’s online banking settings though. They must really be proud of those tacos. Hehehe.


#10

As of 2016, the party with the more inferior security is responsible for a fraudulent transaction as it is assumed that was the attack vector so you are seeing cya in motion.

There is more to it than that but this is irrigation, just trying fished some light on why that retardation exists


#11

Plus keep in mind, the reason for the (used to be) 10 character password is because of the computational complexity required to brute for the password. It’s helpful because this forum has indicative information if someone supplied it, and this type of information is useful for committing social attacks. It’s just a cautious step. If you are interested read how a tech blogger lost his tweeter account and had his mac erased. It was a very impressive attack and complicated attack.


#12

What I thought was odd was that even though they required 10 characters, there were no character restrictions. I used all lower-case letters and it was fine with my choice.


#13

I’m not a fan of special chars, that doesn’t lessen the likely hood of a brute force attack on a gpu, just someone guessing the password


#14

Of course it does. If you’re only brute forcing on someone lazy like me, you have only 26 characters to filter through instead of 96. :wink:


#15

Not if the full range is allowed, making it required does nothing

Sorry I’m assuming dictionary attack is not used.


#16

Twitter.