Password strength

Password strength

Postby Zeno » Wed Jul 27, 2011 10:45 am

Hi

The password requirements are set up a bit too strict. I would recommend making it a bit less restrictive to encourage people to sign up for the forums.
Zeno
 
Posts: 3
Joined: Wed Jul 27, 2011 10:16 am

Re: Password strength

Postby Jillian » Wed Jul 27, 2011 4:35 pm

Hiya, Zeno!
Thanks for your feedback. :ear: The password requirements are listed at registration as:
Password must be between 6 and 100 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.
However, I don't think this is actually enforced at signup. I'll look into it. Perhaps Jesse can chime in with more info. :y0!:
Image
President, NYMSTF
http://www.nymstf.org
User avatar
Jillian
 
Posts: 575
Joined: Fri Oct 29, 2010 12:28 pm
Location: New York, NY (Yorkville)

Re: Password strength

Postby Zeno » Thu Jul 28, 2011 9:26 am

I recently signed up and it forced me to have a very complex password.

For financial institutions it makes sense, but for a casual board, I think it will prevent users from signing up and taking advantage of the resources and contributing. There's probably a way to relax the password requirement.
Zeno
 
Posts: 3
Joined: Wed Jul 27, 2011 10:16 am

Re: Password strength

Postby jerlbaum » Thu Jul 28, 2011 11:07 am

Zeno wrote:Hi

The password requirements are set up a bit too strict. I would recommend making it a bit less restrictive to encourage people to sign up for the forums.



Hi Zeno --

The reason the password requirements are stringent is to combat spam. Believe it or not, requiring complicated passwords virtually eliminates spam users. We used to get dozens every day, and now get only a couple a month.

I understand that excruciatingly complex passwords are a pain, and certainly not needed from a *security* point of view for a site like this. However, it is truly one of the few changes an administrator can make these days which will stop the flood.

Jesse
User avatar
jerlbaum
Site Admin
 
Posts: 193
Joined: Wed Oct 06, 2010 3:41 pm

Re: Password strength

Postby Steve » Sat Jul 30, 2011 12:20 pm

I've been meaning to say, I've found a PHPBB trick involving a patch to the registration code that's virtually eliminated all robo-spam on my dev site without inconveniencing real people-type users at all. I'll tell you about it offline.
Steve
 
Posts: 19
Joined: Wed Dec 22, 2010 12:40 pm

Re: Password strength

Postby Brad Berson » Tue Aug 02, 2011 9:27 am

Also note, for those of you who are inclined to downplay the problem of spam (and perhaps at the same time downplay the value of your sysadmin's time), some of that spam contains links to malware. It would be a shame for an unsuspecting forum user to click on one of those links and end up in the bowels of computer hell.
User avatar
Brad Berson
 
Posts: 139
Joined: Wed Oct 06, 2010 10:00 pm


Return to Help with the Forum

Who is online

Users browsing this forum: No registered users and 1 guest

cron