Forum Discussion

JamesMilsom's avatar
JamesMilsom
Qrew Member
7 years ago

I'd like to propose addressing the current allowable password length (20 characters).

Our single sign on environment allows up to 48 characters and the current limit should support NIST guidelines (800-63B):

Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length.

[...]

Users should be encouraged to make their passwords as lengthy as they want, within reason. Since the size of a hashed password is independent of its length, there is no reason not to permit the use of lengthy passwords (or pass phrases) if the user wishes. Extremely long passwords (perhaps megabytes in length) could conceivably require excessive processing time to hash, so it is reasonable to have some limit.

  • Hi James,

    I have bubbled this feedback up into our internal intake application but I would also suggest if you are interested in seeing this feedback get to our entire PD team also adding it to our User Voice Platform. I would encourage you to include that feedback in our User Voice as a business need for your company. UserVoice is our Feedback Platform- which can most easily be accessed from the My Apps page in Quick Base by clicking on the orange Feedback tab that appears on the left hand side of the page or at http://quickbase.uservoice.com .  This forum is used by our development team to explore customer suggestions for enhancements / changes to the platform. I am familiar with other services that do use longer passwords or pass phrases so I am sure there are others that would up vote this enhancement and may be of interest to our Security Team to see the number of users that would vote for this enhancement. 
  • James if you create a uservoice request please put the link here so we can find it and vote on it. 
  • HI James,

    I just wanted to come back to update this thread to let you know that we have an increase to our allowed password length coming out in our February release. You can find it in our release notes linked below:

    https://www.quickbase.com/quickbase-blog/february-2018-release-notes

    The new limit is 64 characters. With this enhancement, Quick Base meets an important requirement of NIST guidelines (800-63B). Your UserVoice feedback and this post helped to spark off a new conversation on this enhancement in our PD team looking at security and it was something they felt was a great addition to the product at this time. Thank you very much!