Passwords

#1

i don’t come in here very often but tis the ONLY web site that tells me to use TWELVE characters…

Any chance of reducing this to 8 ?

All i end up doing is resetting my password every time i come in here…

I’m all for security but if banks and other financial institutions can do it with less than 12 why cant we do that here? My 8 characters passwords are secure enough if used with the usual special characters etc … 12 is just bonkers…

#2

Hi,

Have you consider using a password manager, such as lastpass.

Just because sites except a minimum of 8, doesn’t mean that by most standards its considered secure.

Look at:

https://passwordsgenerator.net/

Anything less than 16 is considered weak, I think 12 is about right myself. I would also recommend using 2fa as well.

Thanks Tom.

#3

i do indeed use a password manager for most of my sites … of course i also use Google / Safari / Firefox as well as these platforms on Ipad , Android and also use Tapatalk…

IMHO none of these password managers really are as all encompassing as they need to be across the platforms …

2FA and 16 Characters is a massive PITA to most people - Yes very very secure but at some point the user experience should also figure ( i dont always have that 2nd device to let me login somewhere so) - I don’t need a risk manager to tell me not to put my head into a bacon slicer but todays world seems to deem that necessary.

By all means recommend 12 and 2FA but dont enforce it if i dont want it… not one of my banking apps has 12 characters…

#4

Hi,

In my experience banks are one the worse for maintaining and encouraging high security standards. 8, 12, 16 would down to opinion what the minimum should be. But i’d had thought most (sensible) people would agree use alphanumeric, symbols and longer the better.

Roboform seems to cover majority of platforms either via apps or plugins. I didn’t mention it before as its free offering is not the best.

I agree having the 2nd device available is a pain, so strong password is the way forward then.

As for user experience hopefully one day the internet will be password free see this:

https://www.grc.com/sqrl/sqrl.htm

Till that day I think 12 characters is a good minimum, but that’s just my opinion. @sam_nazarko may think differently, but I think password length is set correctly ATM.

Thanks Tom.

#5

Keepass seems to cover all of them

#6

Hi fzinken,

You are correct keepass does have a good platform coverage, but the password database is self hosted.

To be provide support for phones & tablets, IMHO cloudbased password managers such as roboform may be a better fit.

Thanks Tom.

#7

At least on PC and Android the Dropbox integration works very well

1 Like
#8

The short answer – no, sorry.

1 Like
#12

a guy can only ask … definite overkill imho but its your system so you get to choose i guess…

#13

Not sure what the problem is. If you can’t remember more than 8 characters, just add #### (say).

#14

I just have to remember this is the only site out of the hundreds I visit where I need to add spurious characters to the end of my normal 8 character passcode …

I visit it infrequently enough I don’t remember that …

And yes my memory isn’t great now I am getting closer to 60 …

My personal view is it’s overkill but it is what it is…

I think we can end the discussion here tbh… I asked and it’s been answered…

1 Like
#17

I actually use KeepassX and it has clients for Linux, Windows, Android and IOS. I sync the PWD-DB’s using nextcloud on all our devices (at home). So it works nice.

#18

Hundreds of sites but you have problems remembering one 12 character password. I’m guessing you also use the same password on all those 100 sites. Which is also a security no-no…

Password managers are the way to go…

#19

Passwords are like underwear … Change them often. Don’t share them with friends! Be mysterious! The longer the better. Don’t leave yours lying around.

– Eric Griffin

1 Like
#20

You guess wrong … I use patterns , not words and I change regularly enough …

Anyway it’s a moot point …