
Needless password restrictions

Submitted by mattb5906 07-01-2018 | 3 Comments

Status: Unable to Deliver

Why is there a limit of 20 characters for the password on both the community (community.talktalk.co.uk) and my account (myaccount.talktalk.co.uk) profiles?

If the passwords are hashed they should always return a fixed length.

64 characters seems a more reasonable limit.

Also, the community profiles allow spaces (great), but the my account profiles don't - any reason why?

The same could be said for the TalkTalk / Huawei router firmware not allowing spaces and limiting length etc. on both the admin account and WiFi passwords.

3 Comments
Community Team
Status changed to: Unable to Deliver

@mattb5906 We currently don't have single sign-on for the community and MyAccount, which is why you can't use the same details. Currently community passwords have to contain a mixture of upper case, lower case and numerical characters, and have to be a maximum of 30 characters. MyAccount currently works using your email address as your username and doesn't allow usernames like the community, which is why it doesn't allow spaces.

Team Player

@OCE_Michelle I think you misunderstood: I was referring to the spaces being disallowed in passwords on the myaccount.talktalk.co.uk page.

Can you tell me why a limit of 30 characters was chosen? Why not a limit of 64 or even larger? What is the benefit of doing so? As mentioned previously the hash returns a fixed length anyway so there should be no reason to limit it (save performance issues on exceptionally long pass-phrases). You do hash them, right?

https://security.stackexchange.com/questions/33470/what-technical-reasons-are-there-to-have-low-maxi...

No problem with having two accounts, but why have two rules for passwords? Why not standardise?

myaccount.talktalk.co.uk: 8-20 characters, 1 uppercase character, 1 lowercase character, 1 number and 1 special character (spaces not permitted).

community.talktalk.co.uk: 8-30 characters, 1 uppercase character, 1 lowercase character and 1 number - special characters optional (spaces permitted).

What is the benefit of having two rules?
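
The fixed-length argument in the comment above, as an added example that is not part of the original thread and is not TalkTalk's code: a salted PBKDF2 record has the same size for an 8, 20, 30 or 64 character password, spaces included. The 64-character cap, the iteration count and all names here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MAX_LEN = 64          # assumption: the 64-character limit suggested in the post
SALT_LEN = 16
DK_LEN = 32           # derived key is always 32 bytes, whatever the input length
ITERATIONS = 100_000  # assumption: illustrative PBKDF2 work factor


def _derive(password: str, salt: bytes) -> bytes:
    # Normalise so the same passphrase typed on different devices matches;
    # spaces and special characters are ordinary input to the hash.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS, DK_LEN)


def hash_password(password: str) -> bytes:
    """Return salt || derived key; the size never depends on len(password)."""
    if len(password) > MAX_LEN:
        # The cap bounds the work done on very long input, not storage.
        raise ValueError("password longer than MAX_LEN")
    salt = os.urandom(SALT_LEN)
    return salt + _derive(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    if len(password) > MAX_LEN:
        return False
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_derive(password, salt), expected)


def record_sizes(passwords):
    """Map each password length to the size of its stored record."""
    return {len(p): len(hash_password(p)) for p in passwords}


# Constructed sample passwords of 8, 20, 30 and 64 characters, some with spaces.
SAMPLES = [
    "Abcdef1!",
    "Correct Horse 9 Stap",
    "x" * 29 + "Y",
    ("long pass phrase with spaces " * 3)[:64],
]

if __name__ == "__main__":
    print(record_sizes(SAMPLES))
```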

Community Team

@mattb5906 Thanks for your feedback and I've passed this on to the relevant team.