Password rules when creating an account seem odd

The password length is forced to 8 (or 10? i don’t remember. More than usual) characters. I usually have short but strong passwords, and was a bit annoyed that i was forced to divert from my ways. Thus i stubbornly tried 12345678 And it was accepted. No worry, i did not use it :slight_smile: But anyway, it seems a bit odd to force long passwords but accept even ridiculously weak ones. If that is the supposed behavior i don’t complain, but it seems as it could be not on purpose.

There is no such thing as short but strong. Short makes it bruteforcable, regardless how “strong” it is, unless you use unicode for your password.

A strong passwort is one that is only breakable by brute force and not by a dictionary attack. Thus, the long 12345678 is weaker than the short aS3&e$, as it is part of any good script kiddies dictionary.

Granted, the best passwords are even longer and made up of common words:

Anyway, not here for a discussion about passwords, just wanted to mention something that might be an error. If everything as its intended i am fine with it :slight_smile:

Minimum password length is 10 characters, so “12345678” wasn’t accepted. There’s some sort of filter to disallow the 10k most common passwords. Maybe “1234567890” or whatever actually worked for you isn’t one of them. These are the forum defaults though and not something we’ve spent a lot of time thinking about.

Ok :slight_smile: