M*CARBO Brotherhood

Password length on main site

So, I’m a software QA analyst…for the lay-people out there, computer geek. I was surprised to find that the password length when creating a login for the main mcarbo site was 15 characters. I also noticed that you have a bug on your page for entering a phone-number field, but that’s for your QA guys to fix :slightly_smiling_face:
Unless you are planning on getting hacked and your users information stolen, you may want to update that to the the industry standard of a maximum of 24 characters. If I’m placing an order and entering my credit card info, I would rather not have a password that could be cracked with a computer with a first generation pentium processor and 4 gigs of ram. Just a suggestion. Oh, also, I’m a first time CZ owner. I just bought a CZ 75 omega. I havn’t had a chance to shoot it yet, but I can tell it’s an incredibly well designed and manufactured gun and I can’t wait to get it to the range.

3 Likes

Welcome to the brotherhood @NinjaMidget , and congrats on your CZ!
im pretty far removed from the computer geekness of the past decade or so , but have not yet encountered a 24 digit requirement anywhere i have an account. What industry uses that as a standard?

6 Likes

Welcome NinjaMidget

What you just flagged is important, and, should be looked into even if there is no chance of a security breach here.
Can I go out on a limb, @Kona might want to pass your information upstream for consideration.
Cheers,

2 Likes

@NinjaMidget I’ll look into it

3 Likes

It’s pretty much standard in the financial and medical industry, mostly because there are a lot of govt regulations in those areas. I always suggest using a password app called 1Password. That way you can always have a password that is as long and complex as possible. I also used to use another password manager called LastPass. Both of them are good password managers and have mobile apps for your phones and key generators that you can use to create passwords.

2 Likes

Also noted, good catch.
@Kona

1 Like

It’s only a maximum, not a requirement. Upped from 15 to allow for creating longer, harder to crack and therefore more secure passwords. Most websites I’ve been on usually require a minimum of 8 with varying requirements for character types to include.

7 Likes

VPN is your friend these days and FWIW doing anything the requires sensitive info on your phone is a very bad idea IMHO.

2 Likes

Usually 8 characters minimum, 24 characters max, and you must use at least 3 of the 4: Uppercase, Lowercase, Numerals, and Symbols such as ~!# etc. Most businesses also prohibit words in a dictionary, require it to be changed every 90 days, and you can’t change it more than once a day or re-use a password until it’s been changed X times. “Password” won’t work but “pA$$w0Rd” will.

4 Likes