02-09-2010, 09:41 PM THREAD STARTER   #1 (permalink)
digit-al
New Member
Join Date: Feb 2010
Posts: 2

Is this a huge security issue with GoDaddy?


P.S. If you're not familiar with a dictionary-based brute-force password lookup kind of hacking attack, it's kinda central to this post, you may wanna google it ..

I just registered some domains with GoDaddy. During the registration I entered a long password, about 30 characters - the domains were generated, I got a success email, but I couldn't log in. After a while I rang customer support, they reset the domain, and I checked the max length .. the guy says 7-14 characters . and my jaw drops ... hits the floor more like it .. so I ask him if there's a way to make it longer .. because reverse compiled dictionary attacks can very quickly break passwords of normal length, and 14 characters is the *minimum* for a secure password, according to my security understanding from a few years ago .. I generally opt for 20 + to ensure a bit of future time safety

Maybe I'm expected to trust that GoDaddy will detect and allow it, go the extra mile on their end with a sophisticated detect and deny strategy, but it would be so very simple to also extend the password length.
????: NamePros.com http://www.namepros.com/domain-name-discussion/638957-is-this-huge-security-issue-godaddy.html

To sweeten it, the customer service rep absolutely would not log an issue internally, he agreed with me about the issue, but when I asked him to do something internally and let me know about what seems to be their big security hole, all he would do was recommend I send an email to suggestions.

I think, given the theme of not doing simple basic things for the customer, I wanted to get some community perspective here .. check if my assumptions are correct .. and what the best thing to do is .. so what do you guys think

02-09-2010, 09:57 PM   #2 (permalink)
maxeaus
Senior Member
Join Date: Aug 2008
Location: Australia
Posts: 1,800

IMO a 30 character password is ridiculous, you are also assuming someone has your account number also.

Seriously if you can't create a safe password in 7 to 14 characters you may as well not use the internet at all.

Most people who hack into a godaddy account do so through phishing, so a 30 character password makes 0% difference.

Why should the rep waste everyone's time logging "the issue", just because you join up and want them to change their policy on your behalf?
__________________
Drez Media
Last edited by maxeaus; 02-09-2010 at 10:01 PM.

02-09-2010, 09:59 PM   #3 (permalink)
DubDubDubDot
Senior Member
Join Date: May 2008
Posts: 1,634

It would be a security risk if there was no brute force attack detection in place.

02-10-2010, 12:32 AM   #4 (permalink)
Domagon
Senior Member
Join Date: Jan 2006
Location: Wyomissing, PA, USA
Posts: 1,223

7+ characters is plenty for services that require strong passwords and block / throttle brute attacks.

With that said, one's security is only as strong as the weakest link...

Many services have a "recover password" feature that utilizes "security questions", which can often be weak and easily guessed ... i.e. What is your Mother's maiden name?, What is your pet's name?, Where were you born?, etc. Barring that, hacking the whois email, social engineering / registrar employee, etc.

In my view, strong password / strong security answers is good, but not enough for protecting highly valuable domain names. Utilize 3rd party whois / dns monitoring services, such as DomainTools. At minimum, log in to your registrar accounts every so often and check for any unexpected changes / push-out notices, etc.

Ron
__________________
Domagon - Website Management and Domain Name Sales

02-10-2010, 11:13 AM   #5 (permalink)
sdsinc
Domains my Dominion
Join Date: Aug 2005
Location: Web 1.0
Posts: 9,960

Originally Posted by maxeaus:
Why should the rep waste everyone's time logging "the issue", just because you join up and want them to change their policy on your behalf?

If I read this right, he was allowed to choose a password of a length higher than what can be stored in their system.

This is a UI bug then.


Actually, they shouldn't be storing passwords in plain text but password hashes instead. Hashes have a fixed length (32 chars for MD5, 40 chars for SHA1). So it should not matter whether the password has 4 or 30 characters. Not sure what to think of it.
__________________
NameNewsletter.com - free lists of available domain names
ZoneFiles.net (beta) - ccTLD and gTLD droplists
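
A sketch of the mismatch sdsinc describes in post #5, as an added example that is not part of the original thread and is not GoDaddy's code: `TruncatingStore` is a hypothetical flow where sign-up silently cuts the password to the 14-character limit while login compares the full input, and `HashingStore` keeps a salted derived key whose size does not depend on password length. It uses PBKDF2-HMAC-SHA256 rather than the MD5/SHA1 named in the post; the class names, iteration count and sample password are assumptions.

```python
import hashlib
import hmac
import os

MAX_LEN = 14          # upper limit the support rep quoted in the thread
ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch


class TruncatingStore:
    """Hypothetical flawed flow: sign-up silently cuts the password to
    MAX_LEN characters, but login compares the full typed input."""

    def __init__(self):
        self.db = {}

    def register(self, user, password):
        self.db[user] = password[:MAX_LEN]  # silent truncation

    def login(self, user, password):
        return hmac.compare_digest(self.db[user].encode(), password.encode())


class HashingStore:
    """Stores a random salt and a fixed-size derived key per user."""

    def __init__(self):
        self.db = {}

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(password, salt))

    def login(self, user, password):
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(password, salt))

    def record_size(self, user):
        salt, key = self.db[user]
        return len(salt) + len(key)


LONG_PW = "correct-horse-battery-staple-2010"  # constructed sample password
```

With the truncating store, the password typed at sign-up no longer logs in, which matches the symptom in post #1; with the hashing store, a 4-character and a long password produce records of identical size, and the 14-character prefix of the long one is rejected.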

02-10-2010, 09:38 PM   #6 (permalink)
defaultuser
Senior Member
Join Date: May 2009
Location: internet@ctivist.com
Posts: 4,786

How do you remember a 30 character password? I mean EVERY site would have to have a different password. Take 10 sites.. that's a lot of characters.. and they are a mixture of UPPER lower Numbers and Symbols.

Must be recorded somewhere externally....
Tags
security password