Allow passwords longer than 14 characters
Currently you can only open an account using a password of 14 characters maximum. There is no reason for this restriction and it only benefits those who would try and brute force an account.
The password length limit should be raised to something less likely to be broken by a GPU in a few days.
The Golden Frog control panel now supports longer passwords.
I was just in the middle of a ticket to highlight this issue. It seems stunning that security software would allow such weak passwords.
Please guys, longer passwords - at least up to 64! :)
More complex password.
For one, this is quite disturbing at first blush because we all know the higher the entropy the better... if this is going to be the way to go... you can expect brute forcing could finish you off in just a few years. Some experts would point out that twelve characters would be safe but you can never tell... for convenience 12 characters would equal around 88.5 bits of entropy which could pretty much ward off regular attackers.
I suggest you make the password of the vypr-Account compatible with security standards (currently there's a limit in length and no symbols are allowed). Otherwise, third parties can brute force and access - and therefore potentially encrypt the traffic.
Adding my voice to this. This ticket was last updated in 2013. For such a security-aware company, I would hope to see the option to use a longer password.
I would rather have the complexity of managing two passwords, one for PPTP/L2TP and another for everything else, than have a short password.
Ian Bytchek commented
I'm not pretending that I know anything at all about how your backend is implemented and not trying to be a smart ass, but can't you simply store two password hashes, the full length and the 14 chars max, and use the decent password hash by default and the shorter version in case of PPTP and L2TP?
Has this been updated at all? This is the reason I am not using Vypr as my solution.