My wife is experiencing this problem too!  Ostensibly, she is obeying all these rules but it is NOT accepting her password.  She is not able to create an account.  She even put in a 10-character password that was rejected as "too short."  

 

This field simply is not working right.  When I signed up, it kept saying that my password and repeat password "did not match" even though I copied/pasted.  This form acts hinky!!  Please fix!

First off, this isn't personal to you Primemover, it's about Skype's problems. 

 

I agree with all of the points made by annepxl and CoolHappyGuy13.  I am currently trying to change my password using a random password generator, and even though the password is:

* 19 characters long

* a random mixture of upper and lowercase, numbers and symbols, the password change form is telling me

* that doesn't contain any of your previously mentioned forbidden words

 

I get:

---

Skype wrote:
Please choose a password between 6-20 characters.

---

 

This is unacceptable!  The message is completely inaccurate (and unhelpful).  In addition, the information about what Skype expects in a password NEEDS to be on the page where I'm changing the password!!!  (Or when you're creating an account, though I don't know if it exists there...)

 

If anyone knows how to notify a Skype employ more directly of this security issue, I would much appreciate hearing about it.

Are you signing in via the Skype application (If yes: Which version?) or via the Skype.com website?

I should also recommend that it checks whether or not the user is using part of their name as a password. I.e.:

 

username:Bob.Richards

password:richards, bob, b0b, r1ch4rd5, richARDs, e.t.c

 

Were I to brute accounts the first thing I would do was a permutation check of their username.

Skype says it checks for the username thing, however, adding a digit inplace of a vowel or character to even just one letter allows you to use your username as a password.

 

Also, changing random vowels out is NOT as secure as you think. Because you added numbers to your name/password it is only SLIGHTLY more secure then if you were to have just used a common dictionary word.

 

Using alpha-numeric is only secure if it is truely close to random, i.e. W8fdab3c337CFaD9

 

If there is ANY form of a base word, like "CAT" and a base number "199293298" just adding the number to the word does not work:

 

CAT199293298

 

It would only take about 13 minutes longer to determine that is what you've used.

 

This information on disallowed letter and number combinations must be put on the password reset page.

After spending roughing 2 days trying to make a password after forgeting the first password, and having a temp password sent to me 4 times, No, you are wrong the requirements you listed are not the only requirments there are more hidden requirments that skype does not list, and lose people every day because of it. great work

I found that in the Android app, it constantly told me my password was too short. BUT in reality it was my username that was too hort.

In case anyone encounters this issue.

Cheers

Thanks. I was JUST about to give up.