walkhighlands

Check this board for announcements about new features and content on Walkhighlands

Increasing Max password length

Increasing Max password length


Postby gav777 » Tue Aug 09, 2022 10:30 am

Hi,

After hearing about scottishhills going down due to I'm guessing a cyber-attack of some sort, prompted me to change my password on here.

The max length is only 15 characters which isn't great - with brute force attacks being easier than ever due to more powerful processors, increasing password length (rather than use a number and uppercase letter which doesn't really do anything in this regard) is the better option.

Where I work it's a min of 14 characters and ideally a lot more - can this be changed Paul ?

thx
G
gav777
Wanderer
 
Posts: 16
Munros:52   Corbetts:17
Fionas:12   Donalds:2
Sub 2000:13   Hewitts:2
Wainwrights:2   Islands:16
Joined: May 21, 2014
Location: Higher than the sun

Re: Increasing Max password length

Postby gman » Tue Aug 09, 2022 10:39 am

gav777 wrote:Hi,

After hearing about scottishhills going down due to I'm guessing a cyber-attack of some sort, prompted me to change my password on here.


I think it probably wasn't a data breach, sounds like they were running old software that their web host stopped supporting.

Worth noting that UKC/UKH was breached a couple of years ago and they only realised when they upgraded to a new server.

https://www.ukclimbing.com/news/2020/10/ukcukhrockfax_server_attack_-_information_for_users-72581
User avatar
gman
 
Posts: 825
Munros:250   Corbetts:4
Sub 2000:1   
Joined: Sep 12, 2011

Re: Increasing Max password length

Postby Paul Webster » Tue Aug 09, 2022 5:17 pm

Hi Gav

I don't think passwords have any connection to the demise of Scottish Hills.

The best way to have a secure password is:
- to include combo of letters (both cases), numbers and also symbols in it
- for it not to contain / be made up of real words
- to use a different password for every website so when one website is hacked (which is inevitable given the numbers most of us use) it doesn't affect your accounts elsewhere which might have more valuable data

The length isn't really a huge help compared to the above, though short passwords are obviously bad.

It can obviously be tricky to use a different password, with no words in it, and letters, different case and symbols on every website. The best way to do it is to use a password manager - both Chrome and Safari have one built in these days, though there are also paid options. You then only need to remember the password manager password, which needs to be very secure, preferably using multi factor authentication so you need your phone or similar security device as well as the password to get access.

Passwords on our server are salted and encrypted using a one-way hash, which means we can't access them.
User avatar
Paul Webster
Site Admin
Mountain Walker
 
Posts: 5822
Munros:282   Corbetts:222
Fionas:71   Donalds:45+17
Sub 2000:121   Hewitts:133
Wainwrights:135   Islands:92
Joined: Jan 6, 2007
Location: Highland
Walk wish-list




Can you help support Walkhighlands?


Our forum is free from adverts - your generosity keeps it running.
Can you help support Walkhighlands and this community by donating by direct debit?



Return to Walkhighlands announcements and feedback

Who is online

Users browsing this forum: No registered users and 1 guest