Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

thedean's avatar
thedean
Contributor
10 days ago
Solved

Password complexity for this community

I was very disappointed when I logged into this new community for the first time.  The password is overly complex.  Your own best practices recommend password length over password complexity.  See the two article below:  

https://blog.1password.com/how-long-should-my-passwords-be/#how-important-is-password-complexity

https://blog.1password.com/nist-password-guidelines-update/

You would have been much better off just requiring a minimum length (of say 24 characters) and removing all the complexity.  You should do better to reinforce the your stated best practices in your own systems.

  • Thanks to everyone who reached out with feedback regarding password complexity and criteria and sharing valuable feedback as we’ve launched our new platform!

    The team has worked quickly to address some of these requests and we’re rolling out the following updates around account passwords later today:

    • The maximum password length will be updated to 125 characters.


    Criteria for password will be simplified as follows:

    • A minimum length of 15 characters
    • Usernames should not be part of your password
    • These criteria will be displayed to users creating a new password

    We’ve consulted with the 1Password security team to make sure these requirements align with industry best practices.

    Keep sharing your valuable feedback. We really appreciate it!

  • 1P_fran's avatar
    1P_fran
    Icon for Community Manager rankCommunity Manager

    Thanks to everyone who reached out with feedback regarding password complexity and criteria and sharing valuable feedback as we’ve launched our new platform!

    The team has worked quickly to address some of these requests and we’re rolling out the following updates around account passwords later today:

    • The maximum password length will be updated to 125 characters.


    Criteria for password will be simplified as follows:

    • A minimum length of 15 characters
    • Usernames should not be part of your password
    • These criteria will be displayed to users creating a new password

    We’ve consulted with the 1Password security team to make sure these requirements align with industry best practices.

    Keep sharing your valuable feedback. We really appreciate it!

    • MCooch's avatar
      MCooch
      New Contributor

      Good and quick action from 1Password. I'm not sure what people were thinking with the original format.

    • davebarnes's avatar
      davebarnes
      New Contributor

      Why do I need a minimum length of 15 characters for a forum?
      Do I really care if someone logs into my forum account?
      No, I do not.

      • flybynight27's avatar
        flybynight27
        Occasional Contributor

        If only there was a way for you to manage long passwords like that… 

        So you didn't have to remember them… 

        So it didn't matter how long they were… 

        So they were unique and secure, no matter what the site… 

        🤔

  • flybynight27's avatar
    flybynight27
    Occasional Contributor

    I was disappointed that my first attempt told me that my password was too long. The popup with the rules didn't specify a maximum password length, so I used 1Password's largest option of 100 characters. 🤔

  • KG4ZOW's avatar
    KG4ZOW
    Occasional Contributor

    If only there was a way to have the computer remember the password for you, so you don't have to remember it yourself ...

    Seriously though. I used 1Password's password generator to make up a new password for this forum. Five or more random words, with one or two of them capitalized, with random punctuation and digits between them. More than enough to satisfy the "rules" on the first try.

    This is my normal routine ... if anything the problem I run into most often is sites that have a maximum password length which is too low. (I don't know how long this one was, probably in the low 50's?)

  • davebarnes's avatar
    davebarnes
    New Contributor

    I hate password rules. I want my password to be what I want.

  • nciiis's avatar
    nciiis
    Occasional Contributor

    What is this? 1Password Agile Bits should know better than to provide bad advice like this!

     

  • musti's avatar
    musti
    New Contributor

    Yeah forcing your users on all these password requirements are really overwhelming.

  • eb1909's avatar
    eb1909
    New Contributor

    It would be very helpful to specify the maximum length.  Had to try several times to shorten it from the maximum 100 - finally ended up using 32 characters

    • flybynight27's avatar
      flybynight27
      Occasional Contributor

      I think it took mine at 64 characters. That's typically my next step down if 100 doesn't work. 

  • Chromejob's avatar
    Chromejob
    New Contributor

    Count your blessings. I signed up to a system today that required 12 or more characters, and what read like, "three each of upper case, lower case, numerals, and special characters." Three each?! Turned out it was "Engrish." One each was sufficient. But I still don't like sites that impose such complexity when it's a long string. Three of the four character types is sufficiently rigid, for 1998.