Password Problems for this board

[Dwedit]

In the User Profile page, you can set a password up to 100 characters long. However, on the login page, the max length for your password is 25 characters.
I use a 32 character password, so I've been locked out of my account several times, and have even hit the "30 minute wait" after 5 failed logins.

[sanguinehearts]

get a shorter password...
dont you get bored typing that?

[Dwedit]

I use a tool to generate a secure 32 character password.

[Longcat]

but who on earth would want to hack you ScummVM forums account? 25 characters should be more than enough.

[clem]

Despair thy not! A patch has been posted to the tracker

[Vinterstum]

I use a tool to generate a secure 32 character password.

If you include both lower and uppercase letters, numbers and maybe a symbol or two, even a 10 character long one is extremely uncrackable.

[Arantor]

This all assumes, of course, that the code doesn't truncate it upon trying to log in anyhow.

[Dwedit]

My password looks something like "E56C9BA4C5344AAFCCF7628B1E0548BB", but it's a different set of hex characters. 128 bits isn't too bad.

[sev]

And as I suppose, you don't memorize those passwords, rather, have them written somewhere. If it is so, then it completely breaks your security.


Eugene

PS. Throw away that tool. Those passwords are less secure than 20 characters long passwords with all printable characters involved (both upercase and lowercase letters, numbers and other symbols).

[clem]

This all assumes, of course, that the code doesn't truncate it upon trying to log in anyhow.

I only looked at the forum template and not at the php code; in any case the behavior should be consistent and accept the same password length on both screens.

[clem]

Update: According to the sourceforge item, the problem should be resolved.