Password lenght?

Any one knows where and in what file I can change the lenght of passwords? As it is for now, the min. lengt is 5, and max. 8 charcaters.

I would like extend that to from 6 to 20 characters. Is that possible?

Thanks for any help you can provide..

No, to my knowledge 8 characters is what we're stuck with. It's something that I addressed back in Dolphin 6 already and apparently Boonex feels that 8 characters max is sufficient. I suppose if your server is set up pretty securely and with the added phpIDS features (which we don't even use) everything is supposed to be secure enough as is .....
I'd prefer longer passwords myself, ah well.

But 8 characters are not secure enough. I've hade 20 before as admin user, that what I installed under the software installation on my server, but all that bloody captcha working destroyed that.

When I was able to get around the captcha problem, i tryed to get the lost password to work with out captcha. It worked fine, but dolphin resets the password, and send at new one with 8 character. Andt after that there is no way bak to 20.

Lots of bugs...... 8 characters are 12 to short!

Well, I too would like to have more characters available but I have to disagree with your assessment here. There's a lot that can be done for security on the server which explains why a lot of banking sites only have 5 pin passwords for their online pages. Our own server is set up to disable an IP after two failed password attempts (as well as several other security measures that we have in place). Now unless you're a complete idiot, drunk, or perhaps high on something, you'll only miss-type your password once. After that you're in.

More than 2 attempts provides a 45 minute lockout which basically kills any hacker software attempt since hacker software generally hammers the system non-stop, thereby locking itself out constantly. A human hacker wouldn't have the patience to return every 45 minutes for *TWO* password attempts. In addition you can blacklist IPs, IP origination, and entire countries directly on your server if you're not doing international stuff. You can even backtrack suspicious IPs. And on top of that you always have phpIDS if your server is really that unsecure. So 8 characters can certainly be more than sufficient ... if you have other security measures implemented on your site.

Password field in database is capable of storing 40 characters

Password field length is 5 - 16 characters as set by profile fields in admin > builder > profile fields

Does increasing this value not work?

/DM

Increased it to 30 no problem

/DM

I've tried several times to get passwords above 8 characters for the admin login to work and couldn't. Memembers can use longer passwords. I discussed this with AntonLV as well and although he didn't state that it was impossible to change it, he did tell me to stick to the eight characters .... hmmmm ???

Ahh ok - issue is with admin login.

In this case, why not use normal login, and then navigate to admin panel via link in member menubar?

/DM

Just forget it! I have solved the problem. When you were getting warm in you're diskussions for and against, I was lookong in to the problem, and have a work around solution that works.

Any one here who knows what you are doing? This is a free software, some of the work to make it run smuthly is up to one singel of you.

And when some one is tired after a long night programing, and getting "blinde" the it is not up some D...heads to call someone for an idiot.

I'am one of this people who's asking qustions here because i'm reading my ass of to finde some good solutions, so please keep it clean in the future.

And what my server does or not in security matters is not the issue here. Lots of hours reading, and programming can make even the best blinde!

What is your problem ???

Maybe you need to learn to read english CORRECTLY because nobody called you an idiot. I explained why we only permit two login attempts on our server which should be good enough for anyone but an idiot. This sentence doesn't have anything to do with *YOU* at all. And if you're up all night coding and reading and reading and coding then this is 100% your fault and only your fault. Can't expect anyone to have sympathy for that. So in the future I'd appreciate it if *YOU* paid better attention to what's been said and stop calling people names right away you D...head.

Sheeesh ....