Please allow secure passwords.

merc

Newcomer

300g2g pts

13 years ago

May 5, 2012, 7:58:30 PM

Not allowing special characters in passwords makes them less secure.

MODNosferatiel

Informer

"God's in his heaven, all's right with the world." Nerv Motto, Neon Genesis Evangelion

MODNosferatiel

Informer

47 300g2g pts

13 years ago

May 5, 2012, 8:24:08 PM

merc wrote:
Not allowing special characters in passwords makes them less secure.

I'm not sure about the password length allowed, but you might be interested in the link:

http://xkcd.com/936/

Alderbranch

Newcomer

Alderbranch

Newcomer

500g2g pts

13 years ago

May 6, 2012, 1:26:01 AM

Its very true... except for the fact that there are password-breakers that both take 1337-speech into account and can do combinations out of wordlists.

That reduce the combinations availble to either normal words or well in the example above a sequence of 4 words. Sure theres more combinations than 10 numbers... or 28 letters... but that doesnt matter much since ppl are simple and thus use simple words for the most part.

Now the big issue here is neither of the above but rather that ppl still use passwords that are subject to social engineering-attacks (cause who hasn't had their siblings, parents, pets name at some point thinking its safe etc), very common passwords (like password1) or the password-request functions usually are sending unencrypted emails (sniffing here we come!).

magister_ludi

Newcomer

magister_ludi

Newcomer

13 years ago

May 6, 2012, 7:51:09 AM

I agree with merc. I want to be able to use special characters in my password. It was almost enough for me not to register as I generally have a selection of passwords that I use. Actually, I found that the whole registration process was unfriendly.

When I tried to use a full stop in my password, it totally refreshed the page thereby forcing me to reenter all the information. It was a small thing, but annoying.

Also I find the "Receive Mail" toggles confusing. The wording is that I click the toggle to enable the "receive mail" function, but the small print suggests that by clicking the toggle it actually disables this function.

Just a few thoughts,

- Daniel.

Mordac

Newcomer

Mordac

Newcomer

13 years ago

May 7, 2012, 4:26:55 AM

Hehe! I love the comic, it's true though. My first starcraft password got hacked easy. Add a few words and all of a sudden they are having more difficulty.

jetkar

Newcomer

jetkar

Newcomer

12 900g2g pts

13 years ago

May 7, 2012, 6:57:13 AM

I agree their should be surecured passwords in order to combat the clever bots and hardcore hackers out there.

Alderbranch

Newcomer

Alderbranch

Newcomer

500g2g pts

13 years ago

May 7, 2012, 7:19:59 AM

you dont have to be hardcore to use a pwd-cracker...

The only difference between a hardcore-guy and an amateur is how much the hardcore guy has been doing his homework.

How safe the password is depends most of the time on the user rather than on the system being applied.

BumpInTheNight

Newcomer

BumpInTheNight

Newcomer

13 years ago

May 14, 2012, 10:17:39 AM

So, why are special characters not available for passwords?

DEVSteph'nie

in Disguise

Blah blah blah.

DEVSteph'nie

in Disguise

43 600g2g pts

13 years ago

May 14, 2012, 10:20:08 AM

BumpInTheNight wrote:
So, why are special characters not available for passwords?

I believe there is an issue with vBulletin, our database and unicode characters.

Raptor

Newcomer

Raptor

Newcomer

1 700g2g pts

13 years ago

May 14, 2012, 10:31:53 AM

I can confirm that "]" and "?" are allowed to use in the password.

gyaku_zuki

Old Timer

gyaku_zuki

Old Timer

13 700g2g pts

13 years ago

May 15, 2012, 4:09:16 PM

I had to have my account re-created and pre-order bonus manually readded because there was no input validation at the time I registered. A rogue '#' and once I logged out I couldn't get in again, which of course I'd only realised after I'd associated my CD code etc :P

It sucks that special characters aren't accepted, because, more secure or not, it's mainly just a pain, but at least now it tells you before you get locked out! TBH I think the more pressing thing is the invisibility / lack of a "forgotten password reset" link on the login page.

VIPXorUnison

Stellar

Fan of the Endless Universe since the ES Alpha. Attended the Gamescon 2012/2015/2016/2017.

VIPXorUnison

Stellar

43 700g2g pts

13 years ago

May 15, 2012, 10:05:46 PM

gyaku_zuki wrote:
I had to have my account re-created and pre-order bonus manually readded because there was no input validation at the time I registered. A rogue '#' and once I logged out I couldn't get in again, which of course I'd only realised after I'd associated my CD code etc :P

Had the very same happen to me, wasn't exactly cool. Now I have 1000 points with the new allocated ones and before I had 1100, though I honestly don't care about that. The worst part was having an invalid password without knowing it. Usually I use a few special characters in my passwords but I'm fine wthout them as well. That's as long as I know they're forbidden.

Edit: Just found out the points shouldn't be cumulative, weird I had 1100 before...

IvanoffAlex

Wannabe Sefaloros

It's me, Mario!

IvanoffAlex

Wannabe Sefaloros

31 100g2g pts

13 years ago

May 16, 2012, 9:27:06 AM

I prefer user secured password too

werewolf_nr

Adamantian

If at first you don't succeed, skydiving is not for you.

werewolf_nr

Adamantian

33 300g2g pts

13 years ago

May 16, 2012, 6:15:13 PM

Steph'nie wrote:
I believe there is an issue with vBulletin, our database and unicode characters.

Oohh, imagine being a able to do true Unicode in passwords. There is just way too much fun you could have with that.

"Ok, now I need to enter these Cryrillic characters, then these Korean ones, then the Cherokee characters (even though nobody has them implemented)."

Oriomaeth

Newcomer

Oriomaeth

Newcomer

13 years ago

May 16, 2012, 9:06:44 PM

Hum..

At last I am able to remember my password and login. The reset password does not seems to work. And I have problem to remember a password that does not contain any special characters.

So yes, I can only agree with OP

BumpInTheNight

Newcomer

BumpInTheNight

Newcomer

13 years ago

May 19, 2012, 11:26:45 AM

Steph'nie wrote:
I believe there is an issue with vBulletin, our database and unicode characters.

Thank you for the honest response, that's kind of what I was figuring the reason was. Do you anticipate that situation may change at some point? I mainly ask because that was the first thing that came to my mind when my special-character ladden password was rejected and I guarantee that's also the first thing someone is going to home in on if they want to conduct nefarious actions against this site and the database it relies upon.

Click here to login

Comment

Characters : 0