Skip to Content
avatar image
Joachim Rees
Feb 17, 2017 at 03:12 PM

SAP Cloud Identity makes me shiver! (8 character Password)

148 views 11 comments

I don't now, but just (or: exactly!) 8 characters for a password seems really, really short, doesn't it?

And SAP Cloud Identity also "protects" all those HCP accounts, right? (Can you mine bitcoin on HCP? -> might be a evil business opportunity there...)

Can you maybe somehow disable Password-Login altogether and only log in with certificates?!

Oh well... off into the weekend!

Best
Joachim

2017-02-17-16-00-36cloud-identity-8chars.jpg (50.0 kB)
* Please Login or Register to Comment on or Follow discussions.

11 Comments

  • avatar image
    Vadim Kalinin
    Feb 17, 2017 at 03:22 PM

    I also like:

    pass.png (14.3 kB)
  • avatar image
    Steffi Warnecke
    Feb 17, 2017 at 03:38 PM

    This is to avoid people creating such long passwords they can't remember and then put it via post-its on the monitor! So... security! ;)

  • avatar image
    Volker Barth
    Feb 17, 2017 at 03:46 PM

    I remember to have stumbled over that monthes ago - and it took a while until I really understood the meaning of "exactly" as I simply could not imagine such a restriction in 201x.

    The good thing is "TOO-DUM8" seems valid, in contrast "wor!d class1", "c0mmon-sense" or "l0west-securi!y-standards" are way too long, apparently.

  • avatar image
    Matt Fraser
    Feb 17, 2017 at 05:51 PM

    This question of why the cloud identity password has to be exactly 8 characters has come up before (https://archive.sap.com/discussions/thread/3701103). The answer is that it's tied to the Service/Support Marketplace/Portal, and in the mix of systems that work with that there are still some older R/3 systems that can't handle a password longer than 8 characters. They also convert everything to uppercase -- they can't handle mixed-case passwords -- and thus the reason why the password today is case-insensitive. So, they've forced you to use that maximum -- 8 -- as the best they can do, but until they upgrade or retire the oldest systems that are still part of the mix, they can't allow anything longer, or require true mixed-case.

  • avatar image
    Oleg K
    Feb 19, 2017 at 10:27 PM

    I changed my password to "incorrect" so whenever I forget what it is

    computer will say "your password is incorrect"

    :)

    • avatar image
      Former Member
      Feb 20, 2017 at 05:01 AM

      your password is invalid. way too long.

  • avatar image
    Jelena Perfiljeva
    Feb 21, 2017 at 10:45 PM

    P@SSW0RD - nailed it! :)

    • avatar image
      Steffi Warnecke
      Feb 22, 2017 at 08:15 AM

      But you need a number, too! Or is the "O" a "0" (zero)?

      I wonder if you can use your S-user or P-user. ^^

  • avatar image
    Volker Barth
    Feb 22, 2017 at 08:50 AM
    Can you maybe somehow disable Password-Login altogether
and only log in with certificates?!

    FWIW, I don't think that would really improve security: AFAIK you need the password to create a new SAP Passport (aka client certificate), so anybody with access to your password could still create a new passport for your account and could login here that way, even when login via password would be disabled.

    ----------------------------------------------

    (That being said, I'd recommend to login here via passport in order to prevent to have to type the password and prevent keylogging but someone with access to my keyboard could probably also get my certificates, as well...)

    • Add comment
    10|10000 characters needed characters exceeded