mxp 0 Posted April 14, 2020 Posted April 14, 2020 I know this sounds ridicolous, but it really stresses me out and annoys me: I just got an email notification that our Account has been successfully moved over from the EMA to the new EMA2 and I went on to change my password. Can anyone explain me, why I'm suddenly limited to dots, commas and exclamation marks? i just don't get my head around why I get limited in how I create my password for a security centric portal.
Administrators Marcos 5,444 Posted April 14, 2020 Administrators Posted April 14, 2020 What kind of password was not accepted? Please provide an example, not your password.
ESET Staff MichalJ 434 Posted April 15, 2020 ESET Staff Posted April 15, 2020 Hello @mxp I have checked this with the PM for EMA, and you are right, we have received similar feedback, that password policy is restrictive in case of EMA2. However, there is one significant change for EMA2 - it supports 2FA, for improved security, by the means of ESET Secure Authentication app. Password policy details are below:
mxp 0 Posted April 15, 2020 Author Posted April 15, 2020 Thanks for the answers, but still I can't understand why I get limited in the special characters that i use at all. Seems kind of counter-intuitive to me. Doesn't this make the password less secure as an attacker now knows which special charactere he doesn't even have to try?
Administrators Marcos 5,444 Posted April 15, 2020 Administrators Posted April 15, 2020 I don't think that displaying special characters in the tooltip makes it easier for possible attackers to guess the password, quite the contrary. The list can be found or figured out easily, e.g. by googling "password special characters", e.g. https://owasp.org/www-community/password-special-characters.
Recommended Posts