Passwords in scratch. Yes, they do need to be 6 letters or longer, and it can't just be “password” but I don't think it is enough. On this website, any password only 6 letters are too short. In google searches, most websites recommend at least 12 characters in passwords with some suggesting 16!

I do think at least 12 characters would be too big of a restriction and will just be annoying. But 6 is far too low, so I am going to suggest to up it to 8 characters at least with 1 digit. However, if a password is at least 10 characters long, the digit restriction don’t apply.


Why do this? Well, hacking isn’t to much of an issue in scratch - this is actually more for so younger users can understand that passwords need to be strong. It’s good set up for later life - scratch teaching young kids that “123456” is a fine password isn’t good.

PlatoHero_ wrote:

One question, though. What would happen to accounts that don't have passwords not following the rules after this would be implemented?
also, king of 2nd page

As soon as they log in they would be forced to change their password.

What classifies as a special character?

You know, according to this image of the Scratch Wiki(made by xkcd), all that is needed is a few random words that have nothing to do with each other. It has also been tested in the Kaspersky password checker with great results of 10000+ centuries being needed to find the password with an average home computer. Instead, the greater the password length is, the more secure it gets. Support about the greater length part, but not the special character and 1 digit part.

DarthVader4Life wrote:

What classifies as a special character?

A special character is a character not making a sound in a non-constructed language. Examples include $,©,§,°,> etc.

DarthVader4Life wrote:

What classifies as a special character?

!@#$%^&*()-_=+`~{}\|;:'",.<>/?

dhuls wrote:

DarthVader4Life wrote:

What classifies as a special character?

!@#$%^&*()-_=+`~{}\|;:'",.<>/?

unicode counts too

I think requiring a special character is going a bit too far.

Support, it would make passwords more secure.

CST1229 wrote:

I think requiring a special character is going a bit too far.

Agreed - my password doesn’t have one. So I removed it.

PlatoHero_ wrote:

You know, according to this image of the Scratch Wiki(made by xkcd), all that is needed is a few random words that have nothing to do with each other. It has also been tested in the Kaspersky password checker with great results of 10000+ centuries being needed to find the password with an average home computer. Instead, the greater the password length is, the more secure it gets. Support about the greater length part, but not the special character and 1 digit part.

I removed the special character part, and the password can be anything if 10 character or longer.

dertermenter wrote:

However, if a password is at least 10 characters long, the special character and digit restrictions don’t apply.

aaaaaaaaaa 1234567890

Unithlees3 wrote:

dhuls wrote:

DarthVader4Life wrote:

What classifies as a special character?

!@#$%^&*()-_=+`~{}\|;:'",.<>/?

unicode counts too

No, unicode doen't, because although some of its characters are special characters, there are many thay are just vowels and constonants from other languages.

mybearworld wrote:

dertermenter wrote:

However, if a password is at least 10 characters long, the special character and digit restrictions don’t apply.

aaaaaaaaaa 1234567890

With these restrictions, at least it would be harder to make an easy tapas word. Maybe a character can’t be completely repeated for a password?

Making the password length 8 characters long would improve security, requiring at least one number or special character would not. 6 is too short, but 8 is an alright amount considering some Scratch’s users are very young, and that some other sites require 8 characters. Here is a comic to explain why requiring a number or special character would not improve security:

Younger Scratch users might start thinking a password like “Tr0ub4dor&3” is better than “correctbatteryhorsestaple”, but when in reality, it is not. This could lead to their accounts to getting hacked in the future.

CST1229 wrote:

I think requiring a special character is going a bit too far.

That is not going to far.
A digit and a special character help a lot.
Lets say a kid made up some password like
abcdfghi
but saw you needed a number, they get creative and make this.
a1b2c3d4e5f6g7h8i9
But the password would still be easy to guess.
But with special characters:
a1b2c3d4e5f6g7h8i9%
The password will now be less easy to guess.

TheTrillion wrote:

Support for making the password length 8 characters long, but no support for requiring at least one number or special character. 6 is too short, but 8 is an alright amount considering some Scratch’s users are very young, and that some other sites require 8 characters. However requiring a number or a special character I do not support. Here is a xkcd comic to explain why:
Younger Scratch users might start thinking a password like “Tr0ub4dor&3” is better than “correctbatteryhorsestaple”, but when in reality, it isn’t. This could lead to their accounts to getting hacked in the future.

You don’t need a special character.

Shall I just make the minimum 10 with no digits or special characters to make it easier?

ItsMe-XTV- wrote:

CST1229 wrote:

I think requiring a special character is going a bit too far.

That is not going to far.
A digit and a special character help a lot.
Lets say a kid made up some password like
abcdfghi
but saw you needed a number, they get creative and make this.
a1b2c3d4e5f6g7h8i9
But the password would still be easy to guess.
But with special characters:
a1b2c3d4e5f6g7h8i9%
The password will now be less easy to guess.

It will be less easy to guess due to the fact that there is one more digit.

No support, your password should be your own choice.

-EmeraldThunder- wrote:

No support, your password should be your own choice.

Of course you will choose what password you will have, but there willl be some passwords you won't be able to have, in order to prevent accounts from being hacked and the ST being blammed for not taking precautions enough.

PlatoHero_ wrote:

-EmeraldThunder- wrote:

No support, your password should be your own choice.

Of course you will choose what password you will have, but there willl be some passwords you won't be able to have, in order to prevent accounts from being hacked and the ST being blammed for not taking precautions enough.

I am a firm beliver in allowing people to take whatever action they think best and end uo having to face the conseqences. It's a good life lesson.

-EmeraldThunder- wrote:

PlatoHero_ wrote:

-EmeraldThunder- wrote:

No support, your password should be your own choice.

Of course you will choose what password you will have, but there willl be some passwords you won't be able to have, in order to prevent accounts from being hacked and the ST being blammed for not taking precautions enough.

I am a firm beliver in allowing people to take whatever action they think best and end uo having to face the conseqences. It's a good life lesson.

Teaching kids how to make a good password is better than a kid crying because his account got hacked. They best way is to just enforce a good password