cancel
Showing results for 
Search instead for 
Did you mean: 

Account password restrictions

N/A

Account password restrictions

Can I ask what the schedule is for removing the absurd limits on passwords?
Additionally, why were these limits put in place and why is it that there is a two tier system where some can have passwords from before the restrictions which do not confirm, while new passwords have to conform?
8 REPLIES
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Account password restrictions

The restrictions are in place as some of PlusNet's legacy systems could not handle more secure passwords.

PlusNet have indicated to the UserGroup that the recent events has placed a priority on reviewing this issue.

Chilly
N/A

Account password restrictions

Hi Chilly, long time no see Smiley

Yes, I saw the post over on the PUG. Unfortunately it's enormously vague. I completely understand there are certain things that can't be gone into due to the seriousness of the breach. But this isn't one of those areas IMHO.

The thing is... why is it that older passwords, what I would consider legacy, can break these rules, while newer ones cannot?

If the legacy systems cannot cope, how is it that they cope perfectly well with passwords which were created when the systems were not in place?

I'm sorry but I've never seen an explanation that adds up for this.

Also, why does it take an incident such as this (as opposed to the repeated pleading from customers and the PUG) for this to become a 'priority'. The same applies for just about all the other requests that have been brushed under the carpet over the years. It would be nice if this question in particular is answered by the now-delayed report. For now I'd be happy with answers to my more simple and focussed questions.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Account password restrictions

I've been around, where have you been Cheesy

Its a shame, but I just think that it's not been a priority.

There also seams to be a bit of my Grandfather did it that way, because his father did. And this incident has forced a reconsideration.

Looking on the plus side, it now has priority.

Chilly
N/A

Account password restrictions

I'm sure I heard that it the limits exist because of a validation rule somewhere being set to that, so all subsequent programmers have followed the lowest common denominator approach.

I can't remember who said it, but I'm certain there were suspicions that there was no reason for the restriction, it just required the validation rules changing across the board to allow longer passwords.

/Goes a searchin'
N/A

Account password restrictions

Re http://portal.plus.net/central/forums/viewtopic.php?p=422995#422995

Quote
We are trying to keep all discussion on subjects such as this one to a limited number of threads.
Sorry Chilly, but how was I supposed to know it would be in the 'Free Dialup Forum' rather than the 'Community Support' one? :lol:
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Account password restrictions

Sorry about that, I think it is in here as "sietchtabr" is using a dial-up account, hence why I chose his post, so that he is still able to contribute.

Chilly
N/A

Account password restrictions

Yes it's my fault. *hangs head in shame*
I'm no longer able to post in the main forums having left PlusNet last year.

It is indeed good that recent events have caused many things people have repeatedly requested to be readdressed. But it would be great to get an official comment about why the restriction is there and why some passwords must conform to the restrictions while others can not.

I mean, I have a password for a mailbox that does not conform, but if I try to change it it must conform. This would imply a front-end limitation and not a backend. The backend systems are perfectly happy to work with my apparently illegal password format. From what I've read this applies to a number of people.

Will be interesting to see what you can dig up sallyandjames certainly if we can't get an official response.
N/A

Account password restrictions

Woohooo!

No answer on why the restrictions were in place when the systems seemed happy with passwords which didn't conform butt...

No more daft restrictions! And users being forced to have a minimum password length! It's almost as if someones come in and taught PlusNet about modern practices Wink

Despite everything else, I've got nothing but positive things to say about this change.