1

Unnecessary, insecure password requirements

I just logged in to Tropo for the first time, and went to change my password, only to discover that I couldn't use a secure password of my choice. Instead, I was limited to a small set of characters. There is absolutely no reason to limit the characters allowed in a user's password, and it only leads to forced insecurity. I would HIGHLY recommend removing that restriction. In all likelihood, the fix would only require removing a regular expression or other validator that checks the password. If Tropo doesn't take password security seriously, what other poor security decisions have you made?

2 comments

Please sign in to leave a comment.