[Home] [Downloads] [Search] [Help/forum]

Gammon Forum

See www.mushclient.com/spam for dealing with forum spam. Please read the MUSHclient FAQ!

[Folder]  Entire forum
-> [Folder]  Forum
. -> [Folder]  Announcements
. . -> [Subject]  Tighter rules for passwords
Home  |  Users  |  Search  |  FAQ
Username:
Register forum user name
Password:
Forgotten password?

Tighter rules for passwords

Postings by administrators only.

[Refresh] Refresh page


Posted by Nick Gammon   Australia  (21,322 posts)  [Biography] bio   Forum Administrator
Date Sun 13 Nov 2016 12:43 AM (UTC)

Amended on Sun 13 Nov 2016 11:12 PM (UTC) by Nick Gammon

Message
Due to recent issues, the forum software now imposes tighter rules for your passwords if you choose to change them from the default one the forum issues.

Rules for passwords



  • Must be at least 10 characters long. Can be up to 50 characters long.
  • Must contain at least two numbers, two upper-case letters, two lower-case letters, and two punctuation characters.
  • Must not be in a dictionary of the most common 100 passwords (eg. "password" or "letmein")
  • May not consist of more than 4 of the same character in any position (eg. "A1A2A3A4" would not be allowed).
  • May not contain sequences of 3 or more characters going up or down (eg. "abc", "456", "ZYX", "765").
  • May not contain repeats of 3 or more characters in a row (eg. "aaa" or "666" would not be allowed).
  • May not end with a number (so you can't just add numbers to a word, like "gorilla489")
  • May not contain part of your user name (so if your name is "Barbara" the password can't be "barb9642")


Since the password isn't echoed as you type it, you may well want to type it into a text editor in case it gets rejected (because otherwise, you'll have to type it in again).

A more sensible solution is to use a password safe, like KeePass (Windows) or KeePassX (OS/X and Linux) which also generates random passwords for you.

Regrettably, the days of easy-to-remember passwords are effectively over. If you can remember it, it isn't secure. A possible exception would be a long phrase like "Correct.Horse.42.Battery.Staple". That follows the above rules (of course, don't use that exact phrase).* See Password Strength - xkcd cartoon.






* It doesn't follow the above rules any more because those words are now in the disallowed dictionary of common words. However the concept would follow the rules. Just choose different words.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.


1,310 views.

Postings by administrators only.

[Refresh] Refresh page

Go to topic:           Search the forum


[Go to top] top

Quick links: MUSHclient. MUSHclient help. Forum shortcuts. Posting templates. Lua modules. Lua documentation.

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.

[Home]


Written by Nick Gammon - 5K   profile for Nick Gammon on Stack Exchange, a network of free, community-driven Q&A sites   Marriage equality

Comments to: Gammon Software support
[RH click to get RSS URL] Forum RSS feed ( https://gammon.com.au/rss/forum.xml )

[Best viewed with any browser - 2K]    [Hosted at FutureQuest]