[Search]  Search   [Groups]  Back to EA Forum Index  
Add special character for passwords  XML
Origin  > Ideas and Suggestions
Author Message




Joined: 07/02/2012 11:54:56
Messages: 2
Offline

Hello,

I find it outrageous that a platform like origin does not allow you to add character as . / : @ in the password.

I think it urgent and necessary to increase the length of passwords and add this kind of character

thx


Community Manager
[Avatar]
Joined: 05/23/2012 16:15:24
Messages: 540
Offline

I'm a little surprised by this, since my password has some of the special characters in it, plus more. We try very hard to educate those with accounts on Origin to have secure passwords. So much so, that when you go to edit your account (www.origin.com/account), we ask for the following:

"Your password must be 8 - 16 characters, and include at least one lowercase letter, one uppercase letter, and a number."

So feel free to go to that link and change your password, and you should be able to stay nice and secure.

I no longer work for EA. If you need help, please use the "Bugs/Issues" section, or head to help.ea.com.
Follow / Talk to me on Twitter - @OneLetter


Developer
[Avatar]
Joined: 10/31/2011 22:27:59
Messages: 843
Location: Western Australia
Offline

Crocsx wrote:Hello,

I find it outrageous that a platform like origin does not allow you to add character as . / : @ in the password.

I think it urgent and necessary to increase the length of passwords and add this kind of character

thx


Hello,

Those characters are also referred to as character entity references, since we use XML and various other technologies for client and server-side communication, specific characters are resevered and/or considered 'unsafe' as they could be used to mangle the information and cause a security issue or because the standard uses these for special meanings.

Some of these characters are listed here:
http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

For example;
If you had & amp; in your password (I had to include spaces to fool the forum since it also uses those characters), XML parsers convert this to &, thus your password would be different to the one you entered, this is the same for many other characters and hence why you're unable to use them.

Provided you don't use something too short and too simple or the same passwords on multiple sites, your password will remain secure.

RFC1718 talks about some of these characters (http://www.w3.org/Addressing/rfc1738.txt), I quoted the specific text below

Unsafe:

Characters can be unsafe for a number of reasons. The space
character is unsafe because significant spaces may disappear and
insignificant spaces may be introduced when URLs are transcribed or
typeset or subjected to the treatment of word-processing programs.
The characters "<" and ">" are unsafe because they are used as the
delimiters around URLs in free text; the quote mark (""" is used to
delimit URLs in some systems. The character "#" is unsafe and should
always be encoded because it is used in World Wide Web and in other
systems to delimit a URL from a fragment/anchor identifier that might
follow it. The character "%" is unsafe because it is used for
encodings of other characters. Other characters are unsafe because
gateways and other transport agents are known to sometimes modify
such characters. These characters are "{", "}", "|", "\", "^", "~",
"[", "]", and "`".

All unsafe characters must always be encoded within a URL. For
example, the character "#" must be encoded within URLs even in
systems that do not normally deal with fragment or anchor
identifiers, so that if the URL is copied into another system that
does use them, it will not be necessary to change the URL encoding.

Reserved:

Many URL schemes reserve certain characters for a special meaning:
their appearance in the scheme-specific part of the URL has a
designated semantics. If the character corresponding to an octet is
reserved in a scheme, the octet must be encoded. The characters ";",
"/", "?", ":", "@", "=" and "&" are the characters which may be
reserved for special meaning within a scheme. No other characters may
be reserved within a scheme.

Usually a URL has the same interpretation when an octet is
represented by a character and when it encoded. However, this is not
true for reserved characters: encoding a character reserved for a
particular scheme may change the semantics of a URL.

Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
reserved characters used for their reserved purposes may be used
unencoded within a URL.


Hope this helps
dmex

This message was edited 1 time. Last update was at 07/02/2012 11:52:06





Joined: 07/02/2012 11:54:56
Messages: 2
Offline

Ok thank you for the info, it's just that, I had some problems with an hacker on steam and i use now a mega secure passwors, but i can use that on origin ^^ I think 16 without character. / Etc is quite "short".

Anyway, thank you for your precise information, and sorry to have sounded a bit violent (not my intention is the translate maybe hihi)

Have a nice week


Developer
[Avatar]
Joined: 10/31/2011 22:27:59
Messages: 843
Location: Western Australia
Offline

Crocsx wrote:Ok thank you for the info, it's just that, I had some problems with an hacker on steam and i use now a mega secure passwors, but i can use that on origin ^^ I think 16 without character. / Etc is quite "short".


If you're interested, there's a really good write up about password security here by Vivek Girotra that dispells some of the myths:

http://vivekgirotra.com/why-the-password-this-is-fun-is-10-times-more

Crocsx wrote:
Anyway, thank you for your precise information, and sorry to have sounded a bit violent (not my intention is the translate maybe hihi)


Violent? If you say so

It's just one of those things - when using HTML which is all character based, some characters need to be reserved for the correct operation of HTML, unfortunately this means those characters cannot be used for form submissions such as password fields

dmex




Joined: 07/10/2012 00:41:58
Messages: 3
Offline

Sounds a lot like you should really change the backbone you're using instead of forcing us to use low security passwords.




Joined: 07/08/2012 11:52:51
Messages: 10
Offline

Why not just adopt the authenticator's MMOs are starting to use?
Origin  > Ideas and Suggestions
Go to: