
Concerning password character limits

Rick Blair · · Denver · Joined Oct 2007 · Points: 266
Marc801 wrote: Unfortunately that xkcd advice doesn't quite work as well as it once did. Read this if you want more: schneier.com/blog/archives/… And that is 2 years old at this point. I suspect even that advice is a little dated.
I believe there is a simpler way of doing what he did. Use a pass phrase and mis-spell a word or 2 or switch languages.

correct hest battery staple

But seriously Mountain Project, SSL certs are not expensive.

Also the response headers from your server:
Server: Apache/2.4.16 (Amazon)
X-Powered-By: PHP/5.6.17

I would get rid of that as well.
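
An added example, not part of the original post or Mountain Project's code: a small Python check that flags the product and version tokens leaked by the two headers quoted above and names the setting that suppresses each. The surrounding sample responses are constructed, and the function and variable names are this example's own.

```python
import re

# Header name -> setting that suppresses the detail. ServerTokens/ServerSignature
# (Apache httpd) and expose_php (php.ini) are real directives; the mapping and
# function names are this example's own.
REMEDIATION = {
    "server": "httpd.conf: ServerTokens Prod, ServerSignature Off",
    "x-powered-by": "php.ini: expose_php = Off",
}

# Matches product/version tokens such as Apache/2.4.16 or PHP/5.6.17.
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")
PLATFORM = re.compile(r"\(([^)]+)\)")  # parenthesised comment, e.g. (Amazon)

def parse_headers(raw):
    """Split raw response text into (name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and " " not in name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """Return one finding per software version disclosed in a known header."""
    findings = []
    for name, value in parse_headers(raw):
        fix = REMEDIATION.get(name.lower())
        if fix is None:
            continue
        platform = PLATFORM.search(value)
        for product, version in PRODUCT_VERSION.findall(value):
            findings.append({
                "header": name, "product": product, "version": version,
                "platform": platform.group(1) if platform else None, "fix": fix,
            })
    return findings

# The two headers quoted in the post, inside a constructed response.
SAMPLE_BEFORE = "HTTP/1.1 200 OK\nServer: Apache/2.4.16 (Amazon)\nX-Powered-By: PHP/5.6.17\nContent-Type: text/html\n"
# Constructed: the same response once both settings are applied.
SAMPLE_AFTER = "HTTP/1.1 200 OK\nServer: Apache\nContent-Type: text/html\n"

if __name__ == "__main__":
    for f in audit(SAMPLE_BEFORE):
        print(f"{f['header']}: {f['product']} {f['version']} -> {f['fix']}")
    print("after hardening:", audit(SAMPLE_AFTER))
```
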
christopher adams · · Unknown Hometown · Joined Apr 2006 · Points: 0
Marc801 wrote: If someone started posting child porn or death threats toward public or political figures under your name/account, I think you might care a bit.
With that kind of very specific paranoia and fear mongering, do you mind if I ask your political leanings?
Rick Blair · · Denver · Joined Oct 2007 · Points: 266
christopher adams wrote: With that kind of very specific paranoia and fear mongering, do you mind if I ask your political leanings?
You don't understand. Someone who does not like you could send a death threat to the president. Everything will be fine of course when the Secret Service investigation is over. Sounds like fun. That's just IT security 101.

Actually that is a stupid example on my part because there is no way to send email from MP to anyone that does not have an account; the child porn example is better.
Marc801 C · · Sandy, Utah · Joined Feb 2014 · Points: 65
christopher adams wrote: With that kind of very specific paranoia and fear mongering, do you mind if I ask your political leanings?
I don't quite see what that has to do with it. There are well documented cases of both of those scenarios occurring via compromised accounts (not specifically MP accounts).

And I don't buy into the paranoia and fear being peddled by any of the current political candidates. I can't bring myself to call them presidential candidates as there isn't anything remotely presidential about any of them.
Ryan M Moore · · Philadelphia, PA · Joined Oct 2014 · Points: 35
Phil Lauffen wrote: And it's.... mountain project. Your important passwords will have special characters. What are you worried about? Someone posting dumb shit on forums in your name? That job is already taken care of.
Win!

As to the child porn argument, as soon as any law enforcement is involved, IP addresses are going to be pulled and you'll be cleared as soon as the investigation starts.
Rick Blair · · Denver · Joined Oct 2007 · Points: 266
Ryan M Moore wrote: Win! As to the child porn argument, as soon as any law enforcement is involved, IP addresses are going to be pulled and you'll be cleared as soon as the investigation starts.
Good point Ryan, wouldn't that be great to be cleared of child porn charges?
grog m · · Saltlakecity · Joined Aug 2012 · Points: 70

This is the kind of thread I wish I hadn't commented on.

Nick Wilder · · Boulder, CO · Joined Jan 2005 · Points: 4,098

A few official answers:
  • https works now, and everything will switch to use it 100% of the time in a couple months (we are waiting for older versions of the mobile app to phase out, which use http and cannot handle a redirect). You can stick https in the url now if you want to.
  • We do not store passwords in plain text. They are salted and hashed.
  • The entire login/signup system will be re-done in a couple months and the requirements for new passwords will change then.