Higher password length limit

[Phaelyn]

Hi, 

I'm really loving v5 so far -- the interface is great, and I'm especially a fan of some of the new privacy features (especially the option to only let members view one's profile). However, I saw Syko's bug report thread a minute ago, and from what I can tell with Pat's post, the 25-char limit on passwords is intentional. While I currently have a short password (I plan to change it as soon as the functionality's available), I feel that 25 characters is a little low for the length limit. On other sites, my passwords are usually 32 characters, if not more, as (generally speaking) length with a little bit of complexity is more secure than brevity with lots of complexity.

I know the average user is likely to go with a bare-minimum password for their account, but I feel as if it wouldn't be a bad thing to still allow for heightened security.

[Syko Nachoman]

I hereby throw in my support for longer password lengths by invoking xkcd:

[Shrike]

Nov 22, 2012 9:33:08 GMT -8 Syko Nachoman said:

I hereby throw in my support for longer password lengths by invoking xkcd

You forgot the mouseover text

Wait a minute...with V5 we can...

[a rel="nofollow" target="_blank" href="http://xkcd.com/936/"][img src="http://i.imgur.com/bxS0b.png" title="To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."][/a]

[Ryan Roos]

Hi Phaelyn!

I made a note in our staff meeting agenda to discuss this. It sounds like Pat already was cool with the current way. But i also want to make sure there aren't issues from v4 to v5 passwords. 25 is long enough to be extremely secure. But if people want longer we can respect that. No idea what the outcome will be. We're very busy trying to work towards v5 launch so no promises. Thank you for bringing this up.

[Phaelyn]

Thank you! I wouldn't expect the change soon, if at all, but I really appreciate you guys taking the time to discuss it

[Ryan Roos]

Just an update. We discussed it and the password length will be increasing to 100. Additionally we will be testing to make sure there are no issues with passwords from v4 to v5 during upgrading. Hope that helps make everything better.

[Chris]

Nov 23, 2012 9:57:43 GMT -8 Ryan Roos said:

Just an update. We discussed it and the password length will be increasing to 100. Additionally we will be testing to make sure there are no issues with passwords from v4 to v5 during upgrading. Hope that helps make everything better.

Thank you. Was just about to jump in on this discussion and ask for at least 32.

[Syko Nachoman]

Nov 23, 2012 9:57:43 GMT -8 Ryan Roos said:

Just an update. We discussed it and the password length will be increasing to 100. Additionally we will be testing to make sure there are no issues with passwords from v4 to v5 during upgrading. Hope that helps make everything better.

This pleases me.

[Phaelyn]

Nov 23, 2012 9:57:43 GMT -8 Ryan Roos said:

Just an update. We discussed it and the password length will be increasing to 100. Additionally we will be testing to make sure there are no issues with passwords from v4 to v5 during upgrading. Hope that helps make everything better.

Thank you so much! I seriously appreciate you guys discussing + deciding on it so quickly. 100 is absolutely high enough -- I was expecting a jump to 32, 64 at the most, if anything at all! 


(Sorry for responding so late )