Menu

#410 Please don't force users to choose a site password 10 characters long

open
nobody
None
None
2015-07-30
2015-05-19
unforgettableid
No

Hi!

You now require that all SourceForge passwords be 10 characters or more.

Yours is the only site I can think of which has such an odd requirement.

I use an algorithm to generate an password for every site I sign up for based on the name of the site. The generated password normally ends up being eight characters long. I'm sure I'm not the only person out there who uses a similar algorithm.

It is good to encourage users to choose a 10-character-long password. But you shouldn't force them to do so.

In a blog comment, a fellow named Ian R. adds:

I think it needs to be faced-up to that this password expiry and complexity soapboxing is a ‘straw-man’ to deflect attention away from the real security issues the software industry faces, of C buffer overflows, SQL code injection and Javascript XSS. Security sites indicate that these three make up the vast majority of hacks and vulns. Password bruteforcing doesn’t even figure on the list. And, shouldn’t be possible anyway if tarpitting is implemented. If anything needs expiring or deprecating, it is coding tools that require the coder to validate every single piece of user input for embedded malware. There is no reason to be using such tools, other than they were introduced in the security-naive early PC era and have become entrenched in the IT subculture.

"sneezekitty" adds:

For something that doesn’t need critical security like sourceforge 10 characters is absolutely ridiculous. I have a poor memory and have difficulty with even eight characters. And using password managers isn’t very secure because malicious software can hijack the entire database and ALL your passwords

Anyway. You can warn users and encourage them to choose 10-character-long passwords. But could you please not force them to do so?

P.S. Thank you for continuing to keep SourceForge running!

Discussion

  • Zangune

    Zangune - 2015-05-19

    Greetings, I partially agree with you, but this is a "feature" request, so it should be asked here, anyway it can be moved in the correct place now, just remember that for next feature request you will ask.

     

    Last edit: Zangune 2015-05-19

  • John Barrett

    John Barrett - 2015-05-19

    Ticket moved from /p/forge/site-support/10333/

    Can't be converted:

    • _page:
    • _related:

    Moved to feature request

     

    Last edit: John Barrett 2015-05-19

  • Zangune

    Zangune - 2015-07-30
    • Status: unread --> open
     

Log in to post a comment.

MongoDB Logo MongoDB