| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: Website Support
Thread: Password only 15 characters? |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 7
|
|
| Author |
|
|
TheSwedishLord
Cruncher Joined: Jun 3, 2012 Post Count: 1 Status: Offline Project Badges: 
|
Why can't WCG accept longer passwords than 15 characters? That forces me to use a much less safe password than I normally would use.
----------------------------------------Please fix ASAP so we can use longer password than 15 characters! /Henke [Edit 1 times, last edit by port513 at Mar 9, 2013 1:53:29 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Opinions differ on the matter but if you google on safe passwords lengths and consider the context of what we do here [not banking money], 15 is considered well and truly sufficient. A good mix of random letters and numbers and using capitals and small interspersed gives you one Ford Knox security would accept. For the moment, don't think anyone is interested to do a brute force attack on the BOINC crunching accounts to steel the points, or hijack your account. A brief wiki article for reference: http://en.wikipedia.org/wiki/Password_strength
BTW, I've got a free program called Keepass in which you can test a passwords bit-strength, 15 characters gives easily 80 bit hardened passwords, and that's only alphanumeric. You'd need a supercomputer equivalent to crack that or lots of time, by which higher number of attempts IBM will long have locked the account and send interpol out to catch the villain. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
P.S. Never ever use a password in 2 places [though if you use the central control BOINC Account Manager, it is advisable for all BOINC projects]. The password used in BOINC world is strongly advised to only apply to BOINC world, will it never expose anything else you do on the internet. Also the use of an email address for the sole purpose of using in the Grid computing world, a jettable email account so to speak, would add to your security.
|
||
|
|
cjslman
Master Cruncher Mexico Joined: Nov 23, 2004 Post Count: 2082 Status: Offline Project Badges: 
|
Most organizations consider 8 characters the minimum necessary for a password. A 15 character password is more than enough secure.
----------------------------------------CJSL Crunching for a better future... |
||
|
|
rilian
Veteran Cruncher Ukraine - we rule! Joined: Jun 17, 2007 Post Count: 1442 Status: Offline Project Badges: 
|
"640kb ought to be enough for anybody" (c)
----------------------------------------if WCG limits password length, then probably password is stored in unencrypted/unsalted way Also now appear a lot of software that produce a hash from your user-input password, and you use this hash on sites, instead of using user-generated password |
||
|
|
cjslman
Master Cruncher Mexico Joined: Nov 23, 2004 Post Count: 2082 Status: Offline Project Badges:
|
I would be really surprised if users passwords of this site weren't encrypted... but let's ask the techs: Are our passwords encrypted?
----------------------------------------CJSL Crunching for a better tomorrow... |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
What you think about WCG being the only BOINC project using https instead of http to connect ;?
|
||
|
|
|