Outdated forum password requirements

Peter Boughton
Joomla! Apprentice
Posts: 5
Joined: Mon Aug 19, 2019 1:09 pm

Outdated forum password requirements

Post by Peter Boughton » Mon Aug 19, 2019 1:42 pm

When registering on the forums just now, the password requirement was:

"Password must be between 6 characters and 30 characters long, must contain letters in mixed case and must contain numbers."

Having an upper limit on length is usually a sign of them being stored incorrectly.

Requiring mixed case and numbers is merely security theatre - obviously "Password1" is completely insecure, yet it meets those requirements, whilst "£$*%&*(%$^^£$@*%^&^" was secure (before I posted it), but does not.

A better solution is a password strength meter like zxcvbn which provides a more meaningful measure of security (with optional feedback on detected weaknesses).
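
The comparison made in the post above, as an added example that is not part of the original post and is neither phpBB nor zxcvbn code: the quoted registration rule next to a small pattern-based weakness check. The function names, the `COMMON` word list and the 10-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample of well-known weak base words; a real deployment would
# load a large breached-password list instead.
COMMON = {"password", "qwerty", "letmein", "welcome", "joomla"}

def forum_rule_ok(pw):
    """The rule quoted in the post: 6-30 chars, mixed case, and a digit."""
    return (6 <= len(pw) <= 30
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def weaknesses(pw, min_len=10):
    """Hypothetical check: return the reasons a password is easy to guess."""
    found = []
    if len(pw) < min_len:
        found.append("too short")
    # Drop trailing digits/punctuation and undo common substitutions, so that
    # "Password1" and "P@ssw0rd!" both reduce to the base word "password".
    core = pw.lower().rstrip("0123456789!?.*")
    core = core.translate(str.maketrans("@0$1!3", "aosiie"))
    if core in COMMON:
        found.append("common word with predictable decoration")
    if pw and len(set(pw)) <= 2:  # e.g. "aaaaaaaaaaaa"
        found.append("repeated characters")
    return found

def compare(pw):
    """Return (accepted by the forum rule, accepted by the weakness check)."""
    return forum_rule_ok(pw), not weaknesses(pw)

if __name__ == "__main__":
    samples = [
        "Password1",                                      # from the post
        "£$*%&*(%$^^£$@*%^&^",                            # from the post
        "seven plum lanterns drift over quiet harbours",  # constructed
    ]
    for pw in samples:
        print(repr(pw), compare(pw), weaknesses(pw))
```
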

ooffick
Joomla! Master
Posts: 11403
Joined: Thu Jul 17, 2008 3:10 pm
Location: Ireland

Re: Outdated forum password requirements

Post by ooffick » Tue Aug 20, 2019 6:15 am

Hi

I don't think it would be a big issue, but I have increased the upper limit to 100.

Even if we were to implement a password strength meter, phpBB would still enforce an upper and lower limit.

Here is one of the extensions we could use:
https://www.phpbb.com/customise/db/exte ... _strength/

Kind regards
Olaf
Olaf Offick - Global Moderator
learnskills.org

