Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

Eir: Password must be between 6-10 characters

Options
  • 22-09-2020 3:41pm
    #1
    p to the e
    Registered Users Posts: 2,303 ✭✭✭


    Maybe this is more of a web development thing I'm trying to figure out the reasoning behind this. The only thing I can think of is it is something they inherited from Meteor and are reluctant to update. I haven't logged into my eir account in ages so I tried to reset my password and got a notice that "Password must have at least 1 letter, 1 number and length must be between 6 - 10 characters". See image attached


Comments

  • Options
    #2
    [Deleted User]
    Posts: 0 [Deleted User]


    What are you asking exactly?


  • Options
    #3
    p to the e
    Registered Users Posts: 2,303 ✭✭✭p to the e


    Sorry. Is there a reason the number of characters is limited to between 6 and 10?


  • Options
    #4
    [Deleted User]
    Posts: 0 [Deleted User]


    p to the e wrote: »
    Sorry. Is there a reason the number of characters is limited to between 6 and 10?

    OK. Short answer is I don't know. Perhaps due to some legacy system or hardware they are using. I did a Pen Test for them a few years ago and were still using MD5 hashes which are no longer considered secure.


  • Options
    #5
    sheepsh4gger
    Registered Users Posts: 622 ✭✭✭sheepsh4gger


    p to the e wrote: »
    Maybe this is more of a web development thing I'm trying to figure out the reasoning behind this. The only thing I can think of is it is something they inherited from Meteor and are reluctant to update. I haven't logged into my eir account in ages so I tried to reset my password and got a notice that "Password must have at least 1 letter, 1 number and length must be between 6 - 10 characters". See image attached


    I think 6 characters is a bad idea, it could be brute-forced. i would make it at least 12 characters.


  • Options
    #6
    un5byh7sqpd2x0
    Closed Accounts Posts: 1,862 ✭✭✭un5byh7sqpd2x0


    [Deleted User] wrote: »
    OK. Short answer is I don't know. Perhaps due to some legacy system or hardware they are using. I did a Pen Test for them a few years ago and were still using MD5 hashes which are no longer considered secure.

    I’m sure you also signed an NDA before you were allowed to carry out this pen test.


  • Advertisement
  • Options
    #7
    nullObjects
    Registered Users Posts: 1,298 ✭✭✭nullObjects


    p to the e wrote: »
    Sorry. Is there a reason the number of characters is limited to between 6 and 10?

    I'd guess it's possibly either a business reason that they don't want customers setting passwords they think are too complex and they will have to talk to support to reset them or else a constraint on the max number of characters that they either don't want to or are not able to easily update


  • Options
    #8
    [Deleted User]
    Posts: 0 [Deleted User]


    Nikolai Tangy Housewife wrote: »
    I’m sure you also signed an NDA before you were allowed to carry out this pen test.

    Yes but it was over 5 years ago so no longer valid.


Advertisement