I have an algorithm for all my passwords so they can all be different, but I can remember them. Skype won't let me use my algorithm, and won't tell me what the password wants - it just says something to the effect of 'not secure enough'. Well, thanks to this, first I had to create a separate account because I couldn't remember my login (causing all kinds of trouble at work). Now, once I recovered my password for the original account (access to that email), I have to keep it written down - VERY INSECURE!!! If I knew WHAT the password field wanted (capital letters? symbols? length? ???), I could easily modify my algorithm to accommodate. Please, this is a usability AND a security issue. Have your error fields provide useful information, and let me know what your password field requires.
29-07-2011 16:05 - edited 15-08-2011 05:45
below are some guidelines/requirements/restrictions in creating your password for Skype
A password must:
Your password also cannot contain any of the following words:
13-08-2011 20:39 - edited 13-08-2011 20:44
My wife is experiencing this problem too! Ostensibly, she is obeying all these rules but it is NOT accepting her password. She is not able to create an account. She even put in a 10-character password that was rejected as "too short."
This field simply is not working right. When I signed up, it kept saying that my password and repeat password "did not match" even though I copied/pasted. This form acts hinky!! Please fix!
First off, this isn't personal to you Primemover, it's about Skype's problems.
I agree with all of the points made by annepxl and CoolHappyGuy13. I am currently trying to change my password using a random password generator, and even though the password is:
* 19 characters long
* a random mixture of upper and lowercase, numbers and symbols, the password change form is telling me
* that doesn't contain any of your previously mentioned forbidden words
Please choose a password between 6-20 characters.
This is unacceptable! The message is completely inaccurate (and unhelpful). In addition, the information about what Skype expects in a password NEEDS to be on the page where I'm changing the password!!! (Or when you're creating an account, though I don't know if it exists there...)
If anyone knows how to notify a Skype employ more directly of this security issue, I would much appreciate hearing about it.
I should also recommend that it checks whether or not the user is using part of their name as a password. I.e.:
password:richards, bob, b0b, r1ch4rd5, richARDs, e.t.c
Were I to brute accounts the first thing I would do was a permutation check of their username.
Skype says it checks for the username thing, however, adding a digit inplace of a vowel or character to even just one letter allows you to use your username as a password.
Also, changing random vowels out is NOT as secure as you think. Because you added numbers to your name/password it is only SLIGHTLY more secure then if you were to have just used a common dictionary word.
Using alpha-numeric is only secure if it is truely close to random, i.e. W8fdab3c337CFaD9
If there is ANY form of a base word, like "CAT" and a base number "199293298" just adding the number to the word does not work:
It would only take about 13 minutes longer to determine that is what you've used.
After spending roughing 2 days trying to make a password after forgeting the first password, and having a temp password sent to me 4 times, No, you are wrong the requirements you listed are not the only requirments there are more hidden requirments that skype does not list, and lose people every day because of it. great work