Suggestion Ease on the password requirements.

Divine

Pirate Lord
For the official TLOPO website (tlopo.com), the password is a pain to actually type out. I currently have 2FA enabled, and I would ask if it was possible to make a simpler password just for ease of access.

Current criteria:
upload_2017-3-4_23-51-28.png
 
We have no intent to modify our current password requirements. Sure, it may be less convenient to type out, but you sacrifice convenience for security.

Just my two cents.
That's fine, it's just that 1 of my accounts was made back in alpha (before the requirements) and it's the simplest password ever, and then I have this other completely different password on my other account haha. I guess it's better security in the end, though.
 
Just a note that NIST has updated their password requirement recommendations to be more secure and user-friendly. Among the changes are:
  • Enforce a minimum length (8 at an absolute minimum)
  • Check new passwords against a dictionary of 100,000 common/bad passwords
  • No composition rules (no required characters or symbols)
This can seem a little counter-intuitive at first, but xkcd does a reasonable job explaining the motivation:

password_strength.png
 
I see no reason why the user shouldn't be able to decide how convenient and less secure or how secure and less convenient their password is.
Account stealing was fairly prevalent in POTCO. If it were an issue in TLOPO it would cause the support team unnecessary headaches so it makes sense to take some steps to prevent it.

I am in agreement that the composition rules should be relaxed though. Maybe just a minimum length of 12 characters and checking against a database of the 100,000 most commonly used passwords.
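The policy suggested in the posts above (a minimum length plus a check against a list of common passwords, with no composition rules), as an added example that is not part of the original thread or TLOPO's code. The blocklist is a small constructed stand-in for a 100,000-entry list, the composition check is a hypothetical rule set for comparison (not TLOPO's actual criteria), and all function names are assumptions.

```python
import unicodedata

# Constructed stand-in for a list of the 100,000 most common passwords;
# a real deployment would load the full list from a file.
COMMON_PASSWORDS = {"password123!", "qwertyuiop12", "123456789012"}
MIN_LENGTH = 12  # the length suggested in the thread; NIST's floor is 8


def normalize(password):
    # Assumption: compare case-insensitively after Unicode normalization,
    # so "Password123!" matches the blocklist entry "password123!".
    return unicodedata.normalize("NFKC", password).casefold()


def check_length_and_blocklist(password, blocklist=COMMON_PASSWORDS):
    """Length + blocklist policy. Returns rejection reasons (empty = ok)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if normalize(password) in blocklist:
        problems.append("common password")
    return problems


def check_composition(password):
    """Hypothetical composition-rule policy, shown only for comparison."""
    rules = [
        ("too short", len(password) >= 8),
        ("no uppercase letter", any(c.isupper() for c in password)),
        ("no lowercase letter", any(c.islower() for c in password)),
        ("no digit", any(c.isdigit() for c in password)),
        ("no symbol", any(not c.isalnum() for c in password)),
    ]
    return [reason for reason, ok in rules if not ok]


if __name__ == "__main__":
    # Constructed samples: a predictable password that satisfies every
    # composition rule, and a long passphrase that fails them.
    for sample in ("Password123!", "lantern cobalt walrus picnic"):
        print(repr(sample),
              "| composition:", check_composition(sample) or "accepted",
              "| length+blocklist:",
              check_length_and_blocklist(sample) or "accepted")
```

The predictable password passes the composition rules but is caught by the blocklist, while the long passphrase is rejected by the composition rules and accepted by the length and blocklist policy.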
 
I could both agree and disagree with this honestly. While I do despise the password requirements that most sites, including TLOPO, set, I understand the need for them. I'd much rather take the extra few seconds to type out my password due to its complication, than have a simple one that takes less time, but is less secure. My password is very long and confusing, however this site tells me it'd take 1 Trillion years for a computer to crack it, so I feel much better with the long confusing password.

As I said, I'm on the fence for the issue, but I lean more to the side of the stricter password requirements. Especially because kids play the game. Although, we as adults know the importance of password and account security, children may not. So requiring them to have a lengthy, diverse password will help to keep them safer in the end.
 
If you are the sole user of your computer, you could always just control+V your password rather than typing it each time you crash.
 