Skip to Content

SAP Cloud Identity makes me shiver! (8 character Password)

I don't now, but just (or: exactly!) 8 characters for a password seems really, really short, doesn't it?

And SAP Cloud Identity also "protects" all those HCP accounts, right? (Can you mine bitcoin on HCP? -> might be a evil business opportunity there...)

Can you maybe somehow disable Password-Login altogether and only log in with certificates?!

Oh well... off into the weekend!

Best
Joachim

4
Show 11
* Please Login or Register to Comment on or Follow discussions.
avatar image
Feb 17, 2017 at 03:12 PM edited Feb 17, 2017 at 03:25 PM
134

I also like:

pass.png (14.3 kB)
1 Share

Passwords are stored on MS-DOS PC as filenames (8 character limit)

3 Share

This is to avoid people creating such long passwords they can't remember and then put it via post-its on the monitor! So... security! ;)

1 Share

I remember to have stumbled over that monthes ago - and it took a while until I really understood the meaning of "exactly" as I simply could not imagine such a restriction in 201x.

The good thing is "TOO-DUM8" seems valid, in contrast "wor!d class1", "c0mmon-sense" or "l0west-securi!y-standards" are way too long, apparently.

1 Share

This question of why the cloud identity password has to be exactly 8 characters has come up before (https://archive.sap.com/discussions/thread/3701103). The answer is that it's tied to the Service/Support Marketplace/Portal, and in the mix of systems that work with that there are still some older R/3 systems that can't handle a password longer than 8 characters. They also convert everything to uppercase -- they can't handle mixed-case passwords -- and thus the reason why the password today is case-insensitive. So, they've forced you to use that maximum -- 8 -- as the best they can do, but until they upgrade or retire the oldest systems that are still part of the mix, they can't allow anything longer, or require true mixed-case.

1 Share

I changed my password to "incorrect" so whenever I forget what it is

computer will say "your password is incorrect"

:)

0 Share

your password is invalid. way too long.

0 Share

P@SSW0RD - nailed it! :)

0 Share

But you need a number, too! Or is the "O" a "0" (zero)?

I wonder if you can use your S-user or P-user. ^^

0 Share

It's a zero. Unfortunately, nearly impossible to tell with this SCN font of choice. :(

0 Share
Can you maybe somehow disable Password-Login altogether
and only log in with certificates?!

FWIW, I don't think that would really improve security: AFAIK you need the password to create a new SAP Passport (aka client certificate), so anybody with access to your password could still create a new passport for your account and could login here that way, even when login via password would be disabled.

----------------------------------------------

(That being said, I'd recommend to login here via passport in order to prevent to have to type the password and prevent keylogging but someone with access to my keyboard could probably also get my certificates, as well...)

0 Share
10 |10000 characters needed characters left characters exceeded