PDA

View Full Version : Enhancement - Alpha account passwords should not contain easy to confuse letters/#s



Pacific_Inferno
10-11-2013, 06:37 AM
Severity:
Enhancement

Steps to Reproduce:
Receive e-mail with password

Expected Behaviour:
Keys (passwords) should be easy to determine what characters are being used.

Actual Behaviour:
Passwords are being sent out with lower case 'L's, upper case 'I's, capital 'O's, and/or zeros. These are characters that should be avoided in product keys as they can cause confusion by the consumer.

Client Details:
Wasn't allowed to copy and paste, which would have also made this a non issue.

Kami
10-11-2013, 06:42 AM
This is not technically a bug. Moved from Alpha Bug Reports.

Pacific_Inferno
10-11-2013, 07:03 AM
I'm assuming this is generated by some tool, this tool could be enhanced. I concede that it's not a bug with Hex itself, but it is something to think about for the future batches of e-mails. Or if codes are going to be used for anything else with the full release.

Banquetto
10-11-2013, 01:53 PM
An excellent alphabet for generating passwords is to take A-Z and 0-9, and then remove I, O, 1 and 0. This leaves you with 32 characters which, as a power of 2, is most convenient for generating passwords from a random number (every 5 bits gives you a character).

If you want more security, include lowercase letters as well (minus i and o), and add eight punctuation characters, to make it an alphabet of 64 = 6 bits per character.