| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: Website Support
Thread: Account Password Strength |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 16
|
|
| Author |
|
|
robertmiles
Senior Cruncher US Joined: Apr 16, 2008 Post Count: 443 Status: Offline Project Badges: 
|
Some of the projects I participate in allow some of the nonalphanumeric characters in passwords, but not the full set. You might want to check for that possibility, and if it is true, modify the page for changing the password to list which ones are allowed.
|
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Teratoma, there is nothing stopping you using a very strong password at World Community Grid. Yes, World Community Grid allow quite weak passwords, and don't support special characters. But password length can compensate for a slightly smaller alphabet size.
Special characters are not a prerequisite for a strong password. In fact, you can create incredibly weak passwords using special characters. Even if your World Community Grid account is compromised, your computer is not seriously at risk. What is the worst someone could do with your password? Change your member name to poopypants? They can not transmit malicious code to your computer. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Yes I agree that length is as important as structure or case. The extended character set helps create a stronger password that is shorter than one without. I survived for 9 years with a weak password. I wil survive with the one I have now.
The discussion of password strength is primarily due to one projects lack of security measures. My posting here was not worded correctly now that I look back...I was frustrated at the time. I would like to see WCG follow the same standards as all the othe Boinc projects. If WCG can get everyone else to drop the non-aplhanumeric characters, well that would work wouldn't it? In reality it would make sense for WCG to adopt the same standard at some point. As for the transmission of malicious code, you should rethink your position on that. If WCG can trasmit code to my PC, then it is possible for someone else to do so once they have the right info and under the right conditions. It would be extremely difficult to do and probably not worth the effort for just my 20+ PCs, but consider the scenario of the project db being compromised and the potential to reach 1000s of PCs. I do not want to get into a debate or discussion of how it is possible. I would just like to know if WCG will at any time consider modifying their password policy. |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
It's a question one can pose and will not get answered other than by "popular demand", with emphasis on "popular". If you have reputable documentation to substantiate a material added value, I've not come across it.
----------------------------------------
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges:
|
As for the transmission of malicious code, you should rethink your position on that. If WCG can trasmit code to my PC, then it is possible for someone else to do so once they have the right info and under the right conditions. It would be extremely difficult to do and probably not worth the effort for just my 20+ PCs, but consider the scenario of the project db being compromised and the potential to reach 1000s of PCs. I want to jump in real quick about this specific point. This is something that we take extremely seriously. We have security experts that are external to our hosting staff and external to the WCG tech team review our security periodically to ensure that the system remains secure. Although we fully trust our hosting staff and our technical team to ensure the security of the system, we bring in outside reviewer to make sure that what we are doing is secure. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
As for the transmission of malicious code, you should rethink your position on that. If WCG can trasmit code to my PC, then it is possible for someone else to do so once they have the right info and under the right conditions. I do not want to get into a debate or discussion of how it is possible. I would just like to know if WCG will at any time consider modifying their password policy. Hold on here Teratoma, you don't get to try to stir up a dust storm then decide not to debate. You started this discussion, so read what has been posted. We have 3 CAs and a Tech all telling you about the security provided to the system. The question about the passwords has been answered. Passwords are not the only form of security available and your definition of what is required to create a 'strong' password is not universally accepted as the definition of security. The multi-layered security provided by IBM, the use of SSL and having external security audits more than makes up for only being able to use 62 different characters in a WCG password. You have made a small error by assuming that other Boinc projects that allow more characters in a password must have better security than WCG. Transmitting a 256 character password via plain text is less secure than a 5 character password via SSL, although it would be easier to guess a shorter length password. The point that has been made is that it is not just about the user password, its actually all about the system security. |
||
|
|
|