Password chars on community account registration

  • 1
  • Problem
  • Updated 2 years ago
  • Acknowledged
Trying to register a community account, I entered an alphanumeric password first. The server didn't accept it, suggesting to add some symbols: "Acceptable symbols include ($, #, ^, & ....)". The "..." is commonly interpreted as "and other like that" so I  added the underscore (_). But the server rejected my password once again. It accepted the password only with the "$" but not with the "_".

Underscore is the very common symbol so if it is not allowed for a password, it is better to mention it explicitly in the hint.
Photo of Eugene Muzychenko

Eugene Muzychenko

  • 4 Posts
  • 3 Reply Likes

Posted 2 years ago

  • 1
Photo of Danny K5CG

Danny K5CG

  • 382 Posts
  • 61 Reply Likes
Furthermore, the inclusion of special characters and mixed case letters, is much weaker than one might think if the password is not long enough. Any hacker that is going to attempt a brute force breach will have included all of those special characters anyway. The REAL solution to password strength is length, regardless of the characters in use. Choose a phrase that is easy to remember like "flexradiosarethebomb".

A more thorough explanation here http://blog.globalknowledge.com/2017/07/12/password-complexity-youre-doing-it-wrong/

In any case, the ultimate solution is to eliminate passwords altogether. It would be very cutting edge for FRS to take a lead in this area and implement Trusona as an auth mechanism option on the SmartSDR login panel. Goodbye password!
Photo of Eugene Muzychenko

Eugene Muzychenko

  • 4 Posts
  • 3 Reply Likes
I know that. But in such case, the problem is proper server tuning, not a security issue. :)
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9197 Posts
  • 3557 Reply Likes
Official Response
The Community software is a SaaS product we lease form GetSatisfaction.  You will need to address this concern with them
https://getsatisfaction.com/corp/help-center/