Password requirements

The pwd requirement for the site is annoying-- longer than most others. This isn’t a bank account-- can you please loosen the restrictions-- length at least?

Hi Miezner, thanks for the feedback.

For security reasons I won’t discuss all details of the password policy, but the minimum length is 10 characters. According to NIST SP 800-63B the minimum safe password length is 8 characters, but I’m generally of the opinion that length trumps complexity, meaning we could enforce all sorts of weird character requirements, but that gets silly. I’m sure you’ve seen sites with,

“your password must contain at least 6 special characters from the following list @$#%^&*!<>?..”

It’s generally easier for those who don’t use password managers to simply have a longer, but more memorable password.

Most people do use password management software (and if you don’t you should). Coupled with the ability to stay logged in (right now it’s set to 60 days), I think it’s safest to maintain the recommended password policy. If you can believe it, we’ve already had our share of initial “attacks” on the site. That usually comes with registering a new domain. But no penetration yet.

If you keep getting logged off, that’s another issue. Are you prompted for your credentials every time you visit the site?

2 Likes
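The length-over-complexity argument in the reply above can be made concrete. The following is an added example, not the site's actual policy (which the reply declines to detail): a length-first check with no composition rules, plus a search-space comparison. Only the 10-character minimum comes from the thread; the 64-character cap, the blocklist entries and the function names are assumptions made for illustration.

```python
import math
import unicodedata

MIN_LENGTH = 10   # the minimum stated in the reply above
MAX_LENGTH = 64   # assumption: SP 800-63B asks verifiers to accept at least 64
# Constructed sample blocklist; a real deployment would load a large
# corpus of common and breached passwords instead.
BLOCKLIST = {"password123", "qwertyuiop", "1234567890", "letmein2024"}


def check_password(candidate: str) -> list[str]:
    """Return the policy violations; an empty list means accepted.

    Deliberately has no 'must contain a symbol' style rules: only
    length and a blocklist lookup decide the outcome.
    """
    # Normalize so visually identical Unicode strings compare equal.
    normalized = unicodedata.normalize("NFKC", candidate)
    problems = []
    # len() counts Unicode code points, so each character counts once.
    if len(normalized) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(normalized) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if normalized.casefold() in BLOCKLIST:
        problems.append("appears on the common-password blocklist")
    return problems


def brute_force_bits(length: int, alphabet_size: int) -> float:
    """log2 of the search space for a password drawn uniformly at random.

    This is an upper bound: human-chosen passwords are far less random,
    which is why the blocklist check above matters as well.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("P@ss!1", "Password123", "correct horse battery"):
        print(repr(pw), "->", check_password(pw) or "accepted")
    # 8 characters from all 94 printable ASCII symbols vs 16 lowercase letters
    print(f"8 x 94-symbol alphabet : {brute_force_bits(8, 94):.1f} bits")
    print(f"16 x 26-letter alphabet: {brute_force_bits(16, 26):.1f} bits")
```

Each added character multiplies the search space by the alphabet size, while widening the alphabet only raises the base, which is why the longer lowercase string comes out ahead.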

Understood and not a big deal. Just have to log in from different locations.

2 Likes