[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15/10/16 17:28, Eion MacDonald wrote: > > > On 15/10/2016 15:04, Brad Rogers wrote: >> On Sat, 15 Oct 2016 12:06:34 +0100 Henry Bremridge >> <henry.bremridge@xxxxxxxxx> wrote: >> >> Hello Henry, >> >>> The UK Government have launched a secure ID site >>> https://www.signin.service.gov.uk/about-certified-companies >> >> Seems you have to register/log in to read that page..... >> >> Choose a password between 8 and 12 chars. It must contain at >> least one numeral (0-9) and one lower case letter (a-z) no >> special chars and not contain the word password. I think I'll >> pass, thankyouverymuch. >> >> Putting restrictions like that on password choices makes it much >> easier to crack them: You know length limits, and have character >> restrictions, severely limiting choices. >> >> >> > > My existing Government ID on old government ID system was limited > to 12 characters. It appears this is limit in many government > database password set ups. (remember they set these up in DOS / XP > days! Presumably they gave this to the outside companies as > 'specification'. Crass it allows easier cracking as noted above as > specification of field is known. # Maybe it is worth making contact with the rip off Britain team and expressing our concern with regard to companies requesting short password lengths. If they made it 32 characters (as an example), they could at least give us the option of making it much longer, better than having a set maximum to a length that is far too short. Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlgCXq0ACgkQaggq1k2FJq2+/QCgkfyer+BxzNuPyjqjmswkcZ3G nqAAnjHS97z0fL9pmjVs3adxUhU43OsY =SXAq -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq