
Needless password restrictions

Submitted by mattb5906 07-01-2018 | 3 Comments

Status: Unable to Deliver

Why is there a limit of 20 characters for the password on both the community (community.talktalk.co.uk) and my account (myaccount.talktalk.co.uk) profiles?

If the passwords are hashed they should always return a fixed length.

64 characters seems a more reasonable limit.

Also, the community profiles allow spaces (great), but the my account profiles don't - any reason why?

The same could be said for the TalkTalk / Huawei router firmware not allowing spaces and limiting length etc. on both the admin account and WiFi passwords.

3 Comments
OCE_Michelle
Community Team - TT Staff
Status changed to: Unable to Deliver

@mattb5906 We currently don't have single sign on for the community and MyAccount which is why you can't use the same details. Currently community passwords have to contain a mixture of upper case, lower case and numerical characters, and have to be a maximum of 30 characters. MyAccount currently works using your email address as your username and doesn't allow usernames like the community which is why it doesn't allow spaces.

mattb5906
Team Player

@OCE_Michelle I think you misunderstood: I was referring to the spaces being disallowed in passwords on the myaccount.talktalk.co.uk page.

Can you tell me why a limit of 30 characters was chosen? Why not a limit of 64 or even larger? What is the benefit of doing so? As mentioned previously the hash returns a fixed length anyway so there should be no reason to limit it (save performance issues on exceptionally long pass-phrases). You do hash them, right?

https://security.stackexchange.com/questions/33470/what-technical-reasons-are-there-to-have-low-maxi...

No problem with having two accounts, but why have two rules for passwords? Why not standardise?:
myaccount.talktalk.co.uk: 8-20 characters, 1 uppercase character, 1 lowercase character, 1 number and 1 special character (spaces not permitted).
community.talktalk.co.uk: 8-30 characters, 1 uppercase character, 1 lowercase character and 1 number - special characters optional (spaces permitted).

What is the benefit of having two rules?
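
The point raised in this thread, that a hashed password takes the same storage whatever its length or character set, shown as an added example (not part of the original thread and not TalkTalk's code). It assumes PBKDF2-HMAC-SHA256 from Python's standard library, the 64-character cap suggested in the post, and constructed sample passphrases; the iteration count and record layout are illustrative choices.

```python
import hashlib
import hmac
import os

# Assumptions for this example: the 64-character cap suggested in the post,
# an 8-character minimum, and illustrative PBKDF2 parameters.
MIN_LEN, MAX_LEN = 8, 64
SALT_LEN, DIGEST_LEN, ITERATIONS = 16, 32, 600_000

def _derive(password, salt):
    # Spaces and any other characters are just bytes to the hash function.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=DIGEST_LEN)

def hash_password(password, salt=None):
    """Return salt || digest: always SALT_LEN + DIGEST_LEN bytes."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        # The cap bounds hashing cost on very long input, not storage.
        raise ValueError("password length outside policy")
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    return salt + _derive(password, salt)

def verify_password(password, record):
    """Recompute the digest with the stored salt; compare in constant time."""
    if len(password) > MAX_LEN:
        return False
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_derive(password, salt), expected)

# Constructed sample passphrases of 8, 20, 30 and 64 characters, with spaces.
PHRASE = "Correct horse 1 battery staple " * 3
SAMPLES = [PHRASE[:n] for n in (8, 20, 30, 64)]

def record_lengths(passwords):
    """Map each password's length to the size of its stored record."""
    return {len(p): len(hash_password(p)) for p in passwords}

if __name__ == "__main__":
    for length, size in record_lengths(SAMPLES).items():
        print(f"{length:2d}-character password -> {size}-byte record")
```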

OCE_Michelle
Community Team - TT Staff

@mattb5906 Thanks for your feedback and I've passed this on to the relevant team.