forums.rs

Forums

Password with special chars

Quick find code: 278-279-869-66194880

of 3
Corder
Oct Member 2017

Corder

Posts: 27,892 Sapphire Posts by user Forum Profile RuneMetrics Profile
Hi Owiz

Passwords are not case sensitive.

They can be written either lower or upper case, wouldn't matter. :) Life is like a camera: Just focus on what's important, capture the good times, develop from the negatives, and if things don't work out, take another shot !

10-Jan-2021 23:39:52

UrekMazino
Aug Member 2023

UrekMazino

Posts: 7,214 Rune Posts by user Forum Profile RuneMetrics Profile
Draco Burnz said :
^

No support.

Just use the already available options to keep your acc secure.
That's like saying seatbelts and bumpers are already good enough for keeping the driver safe during an accident, so there's no need to install airbags. °l||l° Modest Skillers T7 Citadel | Skilling clan recruiting players. °l||l°
•ï¡÷¡ï• Cwar United for CW games/Ardy task/Trim req. •ï¡÷¡ï•
120 Summoning Familiar ideas .

11-Jan-2021 07:37:19

Draco Burnz
Dec Member 2011

Draco Burnz

Posts: 79,296 Emerald Posts by user Forum Profile RuneMetrics Profile
Yet considering ppl use tools or ppl just hand out their pass/emails, whats the point of this?

Plus you might want to actually read what ToP BaSS said before you do your usual things.

Here, ill be the noice guy in this situation and provide it to you:

ToP BaSS said :
Why do you consider a password with "special characters is a basic feature that every application nowadays should provide" ?

No support because it would serve no purpose.
In fact in could be counter productive.
The more complicated a password the more is the likelihood that people would memorialise it with a hard copy - this in itself is a security issue.
The numbers of "lost / cant remember password" issues for Jagex to sort out would increase beyond the effort of making this change.
Draco Burnz
Anime Fanatic
Defender of the logical

11-Jan-2021 11:39:58 - Last edited on 11-Jan-2021 11:45:03 by Draco Burnz

Hmm
Jan Member 2016

Hmm

Posts: 13,000 Opal Posts by user Forum Profile RuneMetrics Profile
IDK why a bunch of computer illiterates love to go on these threads and spout reasons to not do things that leading governments literally recommend. Let's make it clear, everyone saying "no support" for whatever reason here is literally going against the recommended practises of people who are actually paid to standardise these things, making you the computer equivilent of antivaxers. And I will make it my mission to respond every time.


From the thread the other day about copy/pasting,
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
(United States Government)
Original message details are unavailable.

Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets.


https://www.ncsc.gov.uk/collection/passwords/updating-your-approach (United Kingdom government)
Original message details are unavailable.

We recommend that all online services permit the use of password managers, and that users should be allowed to paste passwords into web forms


About length:

https://www.ncsc.gov.uk/collection/passwords/updating-your-approach (UK again)
Original message details are unavailable.

Avoid using any maximum length requirements
[...]
Don't impose artificial capping on password length.

https://pages.nist.gov/800-63-3/sp800-63b.html
Original message details are unavailable.

Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length


Complexity:
https://pages.nist.gov/800-63-3/sp800-63b.html
Original message details are unavailable.

Unicode [ISO/ISC 10646] characters SHOULD be accepted as well.

The government literally recommends Emoji are valid passwords, which I think proves that we're long past allowing @ ! $ , etc; The Unicode and ASCII standards also both clearly state an uppercase isn't a lowercase character, so the lack of cases is bad too.

11-Jan-2021 14:19:21 - Last edited on 11-Jan-2021 14:49:02 by Hmm

Hmm
Jan Member 2016

Hmm

Posts: 13,000 Opal Posts by user Forum Profile RuneMetrics Profile
Draco Burnz said :
Yet why should they when in the end it actually doesnt provide any better security?

Like said, most hacks happen due to ppl giving out their passwords so this would achieve nothing.

Except you've said most, not all, so it would achieve something.

Which is why I'm calling you the equivilent of an antivaxer, because when one person gets hacked, they'll use that account to try phish their friends list who won't be expecting it, or stand around in a max cape spamming links, and since you claim that's the majority of the problem, you're agreeing then that limiting it at all would have substantial benefits.

12-Jan-2021 00:31:47 - Last edited on 12-Jan-2021 00:36:24 by Hmm

Draco Burnz
Dec Member 2011

Draco Burnz

Posts: 79,296 Emerald Posts by user Forum Profile RuneMetrics Profile
Hmm said :


I never said any of that so plz dont put words in my mouth or misquote what i say.

Id also like you if you refrained from naming me something im not.

Once again, its been said throughout this thread that adding this adds nothing to security thus its a complete and utter waste of dev time.

Maybe once ppl stop handing out their pass/emails something like this can be looked into.
Draco Burnz
Anime Fanatic
Defender of the logical

12-Jan-2021 03:27:45

2_Tron

2_Tron

Posts: 22,959 Opal Posts by user Forum Profile RuneMetrics Profile
Draco Burnz said :
Yet why should they when in the end it actually doesnt provide any better security?

Like said, most hacks happen due to ppl giving out their passwords so this would achieve nothing. Yeppp, he is right, the security is as tight as the person/individual using it.
From the very early beginning/existence of RuneScape accounts have been traded/handed-over back and forward.
As well as loads of players refused to tighten their security to the max.
As well as loads of players talk too much revealing their credentials without knowing themselves.

12-Jan-2021 12:30:45

Hmm
Jan Member 2016

Hmm

Posts: 13,000 Opal Posts by user Forum Profile RuneMetrics Profile
Draco Burnz said :

I never said any of that so plz dont put words in my mouth or misquote what i say.



I quoted exactly what you said. You said not everyone gets hacked through phishing ("most != all" ), and phishing was a huge problem. I agree to both these things, and add on phishing spreads on somewhat like a virus transmission, so good password hygeine is important. Wash your passwords Draco.

Draco Burnz said :



Id also like you if you refrained from naming me something im not.



Like it all you want. If you have a problem, go on forum help. I'm confident anyone reasonable will appreciate why I'm calling people who ignore government regulations on password hygeine in order to improve overall herd immunity sound exactly like antivaxers.

Draco Burnz said :

Once again, its been said throughout this thread that adding this adds nothing to security thus its a complete and utter waste of dev time.


You say a lot and you say nothing. I've sourced you the exact documents that say its worth doing.

Stop speaking for the devs when they already said they want better passwords you know this cos I link it everytime.

Account Security Blog

2_Tron said :
Yeppp, he is right, the security is as tight as the person/individual using it.


It isn't, companies suffer breaches regular that the users have no control over, and other peoples security being compromised can lead to a chain reaction of more accounts being compromised. No one lives in a complete security bubble.

2_Tron said :

As well as loads of players refused to tighten their security to the max.


Thats why the document and changes are designed to encourage it.

12-Jan-2021 13:36:49

Quick find code: 278-279-869-66194880 Back to Top