TSP password enhanced today
TSP password enhanced today
I was gratified to see that when I logged into the TSP site today, I was prompted to change my password to something with at least ten digits, at least one capital and one lowercase letter, one number, and one special character. Greater password security has been a long time coming for the TSP and I'm happy it's here! Go in and change your passwords when you get a chance.
Re: TSP password enhanced today
This is good for TSP security, but it looks like the outside funds option display on the Vanguard website is set to a maximum of eight characters. I wonder when they will fix this. My TSP listings all went away.
Re: TSP password enhanced today
I also noticed a need to change password to conform with security requirements. What does everyone use for a combined view of all accounts (VG, TSP et all) that will not bomb once a week? I had looked at Mint some time ago but wondered if there was a better alternative.
Re: TSP password enhanced today
I already talked with VG and they passed it along to CashEdge, the VG rep seemed to think it would be taken care of pretty quickly.SamB wrote:This is good for TSP security, but it looks like the outside funds option display on the Vanguard website is set to a maximum of eight characters. I wonder when they will fix this. My TSP listings all went away.
Re: TSP password enhanced today
VG fast reply is good news. I still wouldn't mind looking at other alternatives. I have used the VG interface for this at some length and have more or less liked it ok.
Re: TSP password enhanced today
Is having more possible characters and combinations a meaningful source of added security, or is the greater risk someone hacking in and determining exactly what you set up as your password, as well as all the other TSP participants? Remembering all your various passwords is less likely the longer they get, which means you write them down and your notes could be lost or stolen? So is this really a practical security improvement considering all the implications? And is so, when will we be typing in 20 or 30 characters?
- TimeRunner
- Posts: 1939
- Joined: Sat Dec 29, 2012 8:23 pm
- Location: Beach-side, CA
Re: TSP password enhanced today
Use a password manager and a completely random password.Alan S. wrote:Is having more possible characters and combinations a meaningful source of added security, or is the greater risk someone hacking in and determining exactly what you set up as your password, as well as all the other TSP participants? Remembering all your various passwords is less likely the longer they get, which means you write them down and your notes could be lost or stolen? So is this really a practical security improvement considering all the implications? And is so, when will we be typing in 20 or 30 characters?
One cannot enlighten the unconscious. | "All I need are some tasty waves, a cool buzz, and I'm fine." -Jeff Spicoli
Re: TSP password enhanced today
Glad to see it, maybe they will add two factor authentication sometime before I retire in 2024.
Warning: I am about 80% satisficer (accepting of good enough) and 20% maximizer
-
- Posts: 2219
- Joined: Fri Sep 02, 2011 10:34 am
Re: TSP password enhanced today
What is TSP
"Every time I see an adult on a bicycle, I no longer despair for the future of the human race." H.G. Wells
Re: TSP password enhanced today
Thrift
Savings
Plan
The Federal government equivalent of a 401k.
Noteworthy because it has even lower expenses than Vanguard, and a bond fund that makes TBM pale by comparison.
Savings
Plan
The Federal government equivalent of a 401k.
Noteworthy because it has even lower expenses than Vanguard, and a bond fund that makes TBM pale by comparison.
Most of my posts assume no behavioral errors.
Re: TSP password enhanced today
Thrift Savings Plan. It's the US Government employees 401k plan.
Re: TSP password enhanced today
Linked accounts now works again with new password requirements.
Re: TSP password enhanced today
I have an account that requires 15+ characters with 2 each of upper, lower, number, special character. And you have to change it every 60 days.Alan S. wrote:Is having more possible characters and combinations a meaningful source of added security, or is the greater risk someone hacking in and determining exactly what you set up as your password, as well as all the other TSP participants? Remembering all your various passwords is less likely the longer they get, which means you write them down and your notes could be lost or stolen? So is this really a practical security improvement considering all the implications? And is so, when will we be typing in 20 or 30 characters?
The long password requirements are not to prevent hacking via the web interface, because a 6-8 character password and limiting the number of login attempts would handle that. It is to prevent someone from stealing the password file from the company's internal computer network and using supercomputer and/or cloud computing resources to break the encryption on the file.
- Epsilon Delta
- Posts: 8090
- Joined: Thu Apr 28, 2011 7:00 pm
Re: TSP password enhanced today
Not really. If you're using a properly salted slow hash function 10 character lower case is fine. The long password requirements are either pure theater or because the person running the site thinks it's easier to blame the user than do his job.rkhusky wrote:I have an account that requires 15+ characters with 2 each of upper, lower, number, special character. And you have to change it every 60 days.Alan S. wrote:Is having more possible characters and combinations a meaningful source of added security, or is the greater risk someone hacking in and determining exactly what you set up as your password, as well as all the other TSP participants? Remembering all your various passwords is less likely the longer they get, which means you write them down and your notes could be lost or stolen? So is this really a practical security improvement considering all the implications? And is so, when will we be typing in 20 or 30 characters?
The long password requirements are not to prevent hacking via the web interface, because a 6-8 character password and limiting the number of login attempts would handle that. It is to prevent someone from stealing the password file from the company's internal computer network and using supercomputer and/or cloud computing resources to break the encryption on the file.
Re: TSP password enhanced today
Thanks for bringing this to our attention. Updated with a significantly stronger password.
Re: TSP password enhanced today
Interesting article on password file cracking that shows why you shouldn't use dictionary words in your passwords:
http://arstechnica.com/security/2013/05 ... passwords/
http://arstechnica.com/security/2013/05 ... passwords/