"Passwords must not contain all letters or numbers, and be at least 6 characters and no more than 10 characters long"
WHY???? I just don't understand how here in 2016, we're limited to 10 characters.
Yeah I saw something similar recently and thought the same.
They may be using a fixed length field limited to 10 characters. Of course if you entered > 10 they would give you an error instead of truncating the added characters. Then they would test to make sure the count is > 5 for added security.
John
On 06/28/2016 09:13 AM, Alan Bourke wrote:
Yeah I saw something similar recently and thought the same.
--- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html ---
On 28 June 2016 at 17:26, John R. Sowden jsowden@americansentry.net wrote:
They may be using a fixed length field limited to 10 characters.
Probably running on a COBOL database! In all seriousness you should NOT be storing the password in any form, but instead a salted hash of the password.
You exposed my knee jerk response to the issue. actually we do that. I started doing that in the '90s (in Foxpro/DOS) when I found that is what linux does!
On 06/28/2016 09:44 AM, Paul Hill wrote:
On 28 June 2016 at 17:26, John R. Sowden jsowden@americansentry.net wrote:
They may be using a fixed length field limited to 10 characters.
Probably running on a COBOL database! In all seriousness you should NOT be storing the password in any form, but instead a salted hash of the password.
--- StripMime Report -- processed MIME parts --- multipart/alternative text/plain (text body -- kept) text/html ---
On 2016-06-28 12:44, Paul Hill wrote:
In all seriousness you should NOT be storing the password in any form, but instead a salted hash of the password.
Agreed! So glad I retooled mine for FabNet years ago with a salted hashed encrypted value. Big thanks to this list for the guidance. I will probably publish the class in the ProFox downloads for others interested in using the same approach when I have time.
Its an old foxbase+ system and nobody is allowed to touch it.
On Tue, Jun 28, 2016 at 11:16 AM, < mbsoftwaresolutions@mbsoftwaresolutions.com> wrote:
"Passwords must not contain all letters or numbers, and be at least 6 characters and no more than 10 characters long"
WHY???? I just don't understand how here in 2016, we're limited to 10 characters.
[excessive quoting removed by server]
I worked for 10+ years in a big AU bank. They passed passwords between systems in essentially clear text (in fact they were encrypted but everyman and his dog knew or had easy access to the encryption key) - bottom line though is the passwords were stored in a manner that could very easily be exploited. And banks go on so much about security - it is a smoke screen.
-----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: Wednesday, 29 June 2016 2:17 AM To: profoxtech@leafe.com Subject: [NF] Password instructions from my local credit union
"Passwords must not contain all letters or numbers, and be at least 6 characters and no more than 10 characters long"
WHY???? I just don't understand how here in 2016, we're limited to 10 characters.
[excessive quoting removed by server]
-
Alan Bourke -
Darren -
John R. Sowden -
mbsoftwaresolutions@mbsoftwaresolutions.com -
Paul Hill -
Stephen Russell