Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Eir: Password must be between 6-10 characters

  • 22-09-2020 2:41pm
    #1
    Registered Users, Registered Users 2 Posts: 2,344 ✭✭✭


    Maybe this is more of a web development thing I'm trying to figure out the reasoning behind this. The only thing I can think of is it is something they inherited from Meteor and are reluctant to update. I haven't logged into my eir account in ages so I tried to reset my password and got a notice that "Password must have at least 1 letter, 1 number and length must be between 6 - 10 characters". See image attached


Comments

  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    What are you asking exactly?


  • Registered Users, Registered Users 2 Posts: 2,344 ✭✭✭p to the e


    Sorry. Is there a reason the number of characters is limited to between 6 and 10?


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    p to the e wrote: »
    Sorry. Is there a reason the number of characters is limited to between 6 and 10?

    OK. Short answer is I don't know. Perhaps due to some legacy system or hardware they are using. I did a Pen Test for them a few years ago and were still using MD5 hashes which are no longer considered secure.


  • Registered Users, Registered Users 2 Posts: 622 ✭✭✭sheepsh4gger


    p to the e wrote: »
    Maybe this is more of a web development thing I'm trying to figure out the reasoning behind this. The only thing I can think of is it is something they inherited from Meteor and are reluctant to update. I haven't logged into my eir account in ages so I tried to reset my password and got a notice that "Password must have at least 1 letter, 1 number and length must be between 6 - 10 characters". See image attached


    I think 6 characters is a bad idea, it could be brute-forced. i would make it at least 12 characters.


  • Closed Accounts Posts: 1,862 ✭✭✭un5byh7sqpd2x0


    OK. Short answer is I don't know. Perhaps due to some legacy system or hardware they are using. I did a Pen Test for them a few years ago and were still using MD5 hashes which are no longer considered secure.

    I’m sure you also signed an NDA before you were allowed to carry out this pen test.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,367 ✭✭✭nullObjects


    p to the e wrote: »
    Sorry. Is there a reason the number of characters is limited to between 6 and 10?

    I'd guess it's possibly either a business reason that they don't want customers setting passwords they think are too complex and they will have to talk to support to reset them or else a constraint on the max number of characters that they either don't want to or are not able to easily update


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    I’m sure you also signed an NDA before you were allowed to carry out this pen test.

    Yes but it was over 5 years ago so no longer valid.


Advertisement