Thread: Bug: long passwords can't login

  1. #1

    I believe that there is a bug with both the web site and forum if a user has a long password (over 20 characters).

    If you try to log into the main site, the password box only accepts 20 characters. If your password is longer, you are unable to log in. You get an error saying that the username/password isn't valid.

    If you try to log into the forum, you get the same error. However, you get directed to an error page where you can try to log in again. This particular page does accept longer passwords, and you are then able to log into the forum. So, the workaround is to log in twice to the forum (but this still doesn't help you log in to the main site).

    I've seen this bug for the past year and a half, but because I've only participated on the forum and because there is the workaround noted above, I never really knew what the bug was about. I've never been able to log into the main site (until I changed to a shorter password today), but I never understood why.

    I guess that the remedies are either: 1. fix the forms in both places to accept longer passwords; or 2. don't allow users to set their password to too-long passwords. I'd prefer remedy #1.

    Ben

    (Sorry if this bug has already been posted. I searched the forum but didn't see it mentioned earlier.)

    Edit: two years -> year and a half
    Last edited by Ben James Ben; 02-10-2006 at 07:40 PM.
    Other Canobie Lake Park fan sites include the Canobie Lake Park Information Archive and the CanobieFan site and forum.
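
The failure mode reported in post #1, as an added example that is not part of the thread or the site's code: a password set through a form with no length limit is hashed in full, so a login form that cuts input at 20 characters can never reproduce the stored hash. The salted PBKDF2 storage, the `Account` class and the `submit`/`login` helpers are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme: salted PBKDF2-HMAC-SHA256 over the full input.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class Account:
    """Hypothetical account created through a form with no length limit."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = hash_password(password, self.salt)

def submit(form_maxlength, typed: str) -> str:
    # What reaches the server: a length-limited input box silently drops
    # everything past its limit; None models a box with no limit.
    return typed if form_maxlength is None else typed[:form_maxlength]

def login(account: Account, form_maxlength, typed: str) -> bool:
    sent = submit(form_maxlength, typed)
    candidate = hash_password(sent, account.salt)
    return hmac.compare_digest(candidate, account.digest)

def demo() -> dict:
    long_pw = "My voice is my passport. Verify me."  # phrase quoted in the thread
    short_pw = "a!32Xi.e9"                           # short example from the thread
    long_acct, short_acct = Account(long_pw), Account(short_pw)
    return {
        "long password, 20-char box": login(long_acct, 20, long_pw),
        "long password, unlimited box": login(long_acct, None, long_pw),
        "short password, 20-char box": login(short_acct, 20, short_pw),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'login ok' if ok else 'invalid username/password'}")
```

The same mismatch appears whenever the set-password form and any login form disagree on the maximum length, which is why both remedies in the post work: raise every limit, or enforce one limit everywhere.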

  2. #2
    User of Prozac Cuddy's Avatar
    Join Date: Jul 2001 | Location: Kent, OH | Posts: 11,878
    No offense, but why would you want a 20+ character long password in the first place? I'm no Tech Admin (that'd be in Graham's area), but I don't think there will be any rule set on how long a password can be, but I'd like to know how many users actually have passwords (to ANY site) that are 20 or more characters long.
    Ask me why I say Banshee is NOT the new Kings Island coaster.
    Be sure to check out Speedzone as I have made 11 additions.

    Favorites: Amusement Park: Cedar Point, circa 1989 | Wooden Roller Coaster: Blue Streak (CP) | Steel Roller Coaster: Millennium Force (CP), never been on Drachen Fire

  3. #3
    I'm not offended. The reasons for having a 20+ character password are that, if you do it right:
    1. the password is more secure (because it's so long)
    2. the password is easier to remember

    Longer passwords are easier to remember if you use word phrases as your password. For example, "My voice is my passport. Verify me." would make a good, long, difficult to guess password (except for the fact that it's a line from a movie). It's also easy to remember, much easier than a short, cryptic password like "a!32Xi.e9".

    However, my guess is that less than 1 out of 300 users would think of using a 20+ character password.

  4. #4
    Theoretically having more characters in your password would make it more secure in that there are more possible combinations. However when you use all phrases it somewhat makes the length pointless since someone could use an algorithm that tests phrases such as the one you just mentioned.

    Anyway, it shouldn’t be too much of a problem to fix. Someone will probably look into it this weekend.
    ThrillNetwork Tech Admin

    Favorites: Amusement Park: Cedar Point | Wooden Roller Coaster: Ghost Rider | Steel Roller Coaster: Millennium Force

  5. #5
    I'm the good looking one Steven's Avatar
    Join Date: Jun 2001 | Location: Where Brian F dreams of living | Posts: 9,651
    Here's the issue with phrase passwords... despite their length, they are easier to crack than shorter passwords that are alphanumeric and contain symbols. The reason is that since the phrase contains dictionary words, a password cracker can pick up on them pretty easily. Where I used to work, the sysadmin regularly ran a password cracker on all user accounts, and phrase passwords were indeed cracked.

    I use a pronounceable password, but certain letters I'd replace with numbers or symbols, like "p@5$w0rd", for example. Not once did my passwords get cracked. They are still easy for me to remember, and if I accidentally said it out loud, not all was lost.

    As far as the "bug", I fixed it so there is no longer a limit in the box.
    Favorites: Amusement Park: Holiday World | Wooden Roller Coaster: Voyage | Steel Roller Coaster: Magnum

  6. #6
    The Electronics Guru
    Join Date: Jul 2001 | Location: Kentwood MI | Posts: 2,710
    I personally use a password that is easy for me to remember that uses a similar technique as Steven mentioned.

    Using a brute force password cracker at 1,000 attempts per second, I estimate that it will take about 32,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years to crack.

    Dictionary password crackers are the most basic kind and will take anywhere from seconds to minutes to crack any word set or phrase.

    An enhanced dictionary cracker will use capital letters starting from all capital letters, then just the first letters of the word and working on.

    A particularly good cracker will then sub @ for a, 1 for i, capital letters, misspelled words, etc. Time consuming but reasonable for long passwords that have a few subs.

    A brute force cracker will basically start with 1 character passwords and use every possible character. Then it will use 2 and use every possible combo, and so on. These are most effective for shorter passwords as it takes significantly more time for every added character.

    A good password is at least 6 characters long and uses at least 2 subs. Going on with password as an example here are a few variations that are easy to remember and effective.
    "p@ssw0rd"
    "P@SSW0RD"
    "PaSSwOrd"
    "pa$$word"
    "pa55word"
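
A password-policy check built on the substitution rules described in post #6, as an added example that is not part of the thread: it undoes case changes and common character swaps before comparing a candidate against a blocklist, and separately computes the exhaustive-search time at the post's rate of 1,000 attempts per second. The three-word blocklist is constructed for illustration, the substitution table is an assumption covering the swaps that appear in the thread's examples, and the 95-character printable-ASCII alphabet is an assumption.

```python
# Constructed, tiny blocklist; a real policy would load a large list of
# common and previously breached passwords.
BLOCKLIST = {"password", "letmein", "qwerty"}

# Swaps named in the thread (@ for a, 1 for i) plus those used in its
# example passwords; assumed table, not a complete one.
UNSUB = str.maketrans({"@": "a", "0": "o", "1": "i", "$": "s", "5": "s", "3": "e"})

def normalize(password: str) -> str:
    """Fold case and reverse character substitutions."""
    return password.lower().translate(UNSUB)

def is_blocklisted(password: str) -> bool:
    """True if the password reduces to a blocklisted word."""
    return normalize(password) in BLOCKLIST

def brute_force_years(length: int, alphabet: int = 95, rate: int = 1000) -> float:
    """Years to try every string of exactly `length` characters."""
    seconds = alphabet ** length / rate
    return seconds / (365 * 24 * 3600)

def review(candidates):
    """Return (password, normalized form, rejected?) for each candidate."""
    return [(pw, normalize(pw), is_blocklisted(pw)) for pw in candidates]

# Passwords quoted in posts #3, #5 and #6 of the thread.
THREAD_EXAMPLES = ["p@5$w0rd", "p@ssw0rd", "P@SSW0RD", "PaSSwOrd",
                   "pa$$word", "pa55word", "a!32Xi.e9"]

if __name__ == "__main__":
    for pw, norm, rejected in review(THREAD_EXAMPLES):
        verdict = "reject" if rejected else "accept"
        print(f"{pw!r:12} -> {norm!r:12} {verdict}")
    print(f"8 random printable chars: {brute_force_years(8):,.0f} years")
```

The exhaustive-search figure only applies to passwords that survive the blocklist check; a password that normalizes to a listed word is found long before a character-by-character search would reach it.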
