Skip to Content
avatar image

SAP Cloud Identity makes me shiver! (8 character Password)

I don't now, but just (or: exactly!) 8 characters for a password seems really, really short, doesn't it?

And SAP Cloud Identity also "protects" all those HCP accounts, right? (Can you mine bitcoin on HCP? -> might be a evil business opportunity there...)

Can you maybe somehow disable Password-Login altogether and only log in with certificates?!

Oh well... off into the weekend!

Best
Joachim

* Please Login or Register to Comment on or Follow discussions.

11 Comments

  • Feb 17, 2017 at 03:22 PM

    I also like:

    pass.png (14.3 kB)
    • Feb 17, 2017 at 03:53 PM

      Passwords are stored on MS-DOS PC as filenames (8 character limit)

  • Feb 17, 2017 at 03:38 PM

    This is to avoid people creating such long passwords they can't remember and then put it via post-its on the monitor! So... security! ;)

  • Feb 17, 2017 at 03:46 PM

    I remember to have stumbled over that monthes ago - and it took a while until I really understood the meaning of "exactly" as I simply could not imagine such a restriction in 201x.

    The good thing is "TOO-DUM8" seems valid, in contrast "wor!d class1", "c0mmon-sense" or "l0west-securi!y-standards" are way too long, apparently.

  • Feb 17, 2017 at 05:51 PM

    This question of why the cloud identity password has to be exactly 8 characters has come up before (https://archive.sap.com/discussions/thread/3701103). The answer is that it's tied to the Service/Support Marketplace/Portal, and in the mix of systems that work with that there are still some older R/3 systems that can't handle a password longer than 8 characters. They also convert everything to uppercase -- they can't handle mixed-case passwords -- and thus the reason why the password today is case-insensitive. So, they've forced you to use that maximum -- 8 -- as the best they can do, but until they upgrade or retire the oldest systems that are still part of the mix, they can't allow anything longer, or require true mixed-case.

  • Feb 19, 2017 at 10:27 PM

    I changed my password to "incorrect" so whenever I forget what it is

    computer will say "your password is incorrect"

    :)

    • avatar image
      Former Member
      Feb 20, 2017 at 05:01 AM

      your password is invalid. way too long.

  • Feb 21, 2017 at 10:45 PM

    P@SSW0RD - nailed it! :)

    • Feb 22, 2017 at 08:15 AM

      But you need a number, too! Or is the "O" a "0" (zero)?

      I wonder if you can use your S-user or P-user. ^^

      • Feb 22, 2017 at 05:35 PM

        It's a zero. Unfortunately, nearly impossible to tell with this SCN font of choice. :(

  • Feb 22, 2017 at 08:50 AM
    Can you maybe somehow disable Password-Login altogether
    and only log in with certificates?!

    FWIW, I don't think that would really improve security: AFAIK you need the password to create a new SAP Passport (aka client certificate), so anybody with access to your password could still create a new passport for your account and could login here that way, even when login via password would be disabled.

    ----------------------------------------------

    (That being said, I'd recommend to login here via passport in order to prevent to have to type the password and prevent keylogging but someone with access to my keyboard could probably also get my certificates, as well...)

  • Add comment
    10|10000 characters needed characters exceeded