Go to goldenfrog.com

Please tell us your feature request....

Allow passwords longer than 14 characters

Currently you can only open an account using a password of 14 characters maximum. There is no reason for this restriction and it only benefits those who would try and brute force an account.

The password length limit should be raised to something less likely to be broken by a GPU in a few days.

200 votes
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Steve shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

8 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    I was just in the middle of a ticket to highlight this issue. It's seem stunning that security software would allow such weak passwords.

    Please guys, longer passwords - at least up to 64! :)

  • JonSnow commented  ·   ·  Flag as inappropriate

    for one this is quite disturbing at first blush because we all know the higher the Entropy the better... if this is going to be the way to go... you can expect brute forcing could finish you off in just a few years. Some experts would point out that twelve characters would be safe but you can never tell... for convenience 12 characters would equal around 88.5 bits of entropy which could pretty much ward of regular attackers

  • Anonymous commented  ·   ·  Flag as inappropriate

    I suggest you make the password of the vypr-Account compatible with security standards (currently there's a limit in length and no symbols are allowed). Otherwise, third parties can brute force and access - and therefore potentially encrypt the traffic.

  • Noam commented  ·   ·  Flag as inappropriate

    Adding my voice to this. This ticket was last updated in 2013. For such a security-aware company, I would hope to see the option to use a longer password.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I would rather have the complexity of managing two passwords: one for PPTP/L2TP, and another for everything else; than have a short password.

  • Ian Bytchek commented  ·   ·  Flag as inappropriate

    I'm not pretending that I know anything at all about how your backend is implemented and not trying to be a smart ass, but can't you simply store two password hashes, the full length and the 14 chars max, and use the decent password hash by default and the shorter version in case of PPTP and L2TP?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Has this been updated at all? This is the reason I am not using Vypr as my solution.

Feedback and Knowledge Base