Why Asus new Password security policy is ridiculous

[ColinTaylor]

How do you know, you're not a 'specific valuable target'?

I wish I were. Maybe I could afford that new PC.

 

[RMerlin]

bout the length: Why does wi-fi allow 63 characters (or 64 hex) if it doesn't matter? Why does encryption use such huge key lengths?

The WPA2 passphrase is not a password. It's used to generate a 256-bit key derived from it, which is what is used for the actual encryption.

Unlike a password, it's used for encryption, not for authentication.

 

[Tech9]

bad security decisions in their past

We've been talking about some for many years, no? Asus App and AiCloud included. Asus steps in only when their reputation is affected and potentially lose money. Otherwise - don't care. So leave the consumer user alone and don't represent Asus like heroes for finally doing something. The statement "if the users cannot be trusted to secure their network, then the manufacturer had to step in" is simply not true for this particular manufacturer based on the past experience. Something bad for the business happened first.

 

[RMerlin]

The statement "if the users cannot be trusted to secure their network, then the manufacturer had to step in" is simply not true for this particular manufacturer based on the past experience

The discussion in this thread has to do with the rationale behind Asus enforcing strong password policies. In this context, yes, they enforced stronger passwords because just asking users to use a stronger password visibly does not work.

 

[Tech9]

because just asking users to use a stronger password visibly does not work

There was a specific trigger event for mass firmware updates and subsequent policy changes. What exactly was the issue was never officially disclosed. Are you saying as per Asus the recent AiCloud attack was entirely users' fault? I remember you personally discouraging the use of AiCloud because of security flaws. Even wanted to remove it from Asuswrt-Merlin at some point. Something obviously "did not work" there and wasn't limited to password strength alone. You have adopted blaming the users strategy.

 

[jzchen]

There have been times when I remote into my GT-AXE11000 to check on it and it says I have entered my password incorrectly 5 times, and is doing a count down....

Glad it's only memorable to me....

 

[XIII]

Restrictions make some combinations illegal = fewer legal combinations!

Yes, but, again, what did ASUS restrict more than before?