Is it just me, or does 16 characters just not seem long enough? Also, why are we limited to a maximum of only 5 user accounts (6 if you include the administrator)? That's obviously not a limitation of Samba. Such limitations! Is there a workaround which doesn't limit me to SSH only access? I'd feel a lot better with at least 20 characters, as that is approx as strong as MD5, which is considered weak by today's standards. Could the Merlin fork possibly increase this to 20 chars? I don't think that's too many, but would provide a 10% improvement over 16 chars. When talking about such huge numbers, 10% really is kind of a big deal. It translates into several decimal places.
Maybe even add the inclusion of a separate 4 character pin which functions like 2 factor, but simply appears on the screen as a second entry field following the password field, like (________ - ___)? That would prevent the problems with foreign languages and more than 16 characters, but still increase the security margin. Maybe add Google Authenticator as 2nd factor?
Maybe even add the inclusion of a separate 4 character pin which functions like 2 factor, but simply appears on the screen as a second entry field following the password field, like (________ - ___)? That would prevent the problems with foreign languages and more than 16 characters, but still increase the security margin. Maybe add Google Authenticator as 2nd factor?
Last edited: