Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

How to reset my password to a custom password

Mathews, | Last updated: Dec 02, 2021 09:55PM UTC

If i give reset password, i am getting an email and it gives a passwords. Can i change password to something i can remember?

Ben, PortSwigger Agent | Last updated: Dec 03, 2021 08:21AM UTC

Hi Dinse, This is our password policy, which we believe is best practice. Have you tried using a secure password manager in order to store your passwords for subsequent use?

Willis | Last updated: Nov 29, 2022 12:57PM UTC

You should change this policy asap. I am also not comfortable letting any website generate/hold my password for any reason. It can let the user imagine you use the password to snoopy inside the account and here is the irony, you are a company for security and you try to infringe on the first security question. "Don't let anybody have your password because your account is nontransferable". So if I may suggest a change. Why not create a hybrid (let the user choose to AUTOGENERATE password or Type THEIR OWN Password) in case they select TYPE THEIR OWN, the client website could download a BIGGER dictionary to search in the typed dictionary if it contains ANY ENGLISH word inside it. Also, the website could restrict, not allowing UTF16 characters. That would suffice! There are NICE password generators out there and even I do prefer to use them and save them internally. So I don't need an external "intelligence" doing it and holding it for me.

Willis | Last updated: Nov 29, 2022 01:03PM UTC

CORRECTION from my previous posted answer: So if I may suggest a change. Why not create a hybrid (let the user choose to AUTOGENERATE password or Type THEIR OWN Password) in case they select TYPE THEIR OWN, the client website could download a BIGGER dictionary to search in the typed "PASSWORD" if it contains ANY ENGLISH word inside it. Also, the website could restrict the usage of foreign characters not allowing UTF16 characters. That would suffice! There are NICE password generators out there and even I do prefer to use them and save them internally. So I don't need an external "intelligence" doing it and holding it for me.

Aryan | Last updated: Aug 18, 2023 02:47PM UTC

????????????????

Dominyque, PortSwigger Agent | Last updated: Aug 21, 2023 07:10AM UTC

Hi Both, Allowing customers to create their own passwords is not something we are looking at implementing in the near future. We believe that giving users a unique password is far more secure.

You need to Log in to post a reply. Or register here, for free.