Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

How to reset my password to a custom password

Mathews, | Last updated: Dec 02, 2021 09:55PM UTC

If i give reset password, i am getting an email and it gives a passwords. Can i change password to something i can remember?

Ben, PortSwigger Agent | Last updated: Dec 03, 2021 08:21AM UTC

Hi Dinse, This is our password policy, which we believe is best practice. Have you tried using a secure password manager in order to store your passwords for subsequent use?

Willis | Last updated: Nov 29, 2022 12:57PM UTC

You should change this policy asap. I am also not comfortable letting any website generate/hold my password for any reason. It can let the user imagine you use the password to snoopy inside the account and here is the irony, you are a company for security and you try to infringe on the first security question. "Don't let anybody have your password because your account is nontransferable". So if I may suggest a change. Why not create a hybrid (let the user choose to AUTOGENERATE password or Type THEIR OWN Password) in case they select TYPE THEIR OWN, the client website could download a BIGGER dictionary to search in the typed dictionary if it contains ANY ENGLISH word inside it. Also, the website could restrict, not allowing UTF16 characters. That would suffice! There are NICE password generators out there and even I do prefer to use them and save them internally. So I don't need an external "intelligence" doing it and holding it for me.

Willis | Last updated: Nov 29, 2022 01:03PM UTC

CORRECTION from my previous posted answer: So if I may suggest a change. Why not create a hybrid (let the user choose to AUTOGENERATE password or Type THEIR OWN Password) in case they select TYPE THEIR OWN, the client website could download a BIGGER dictionary to search in the typed "PASSWORD" if it contains ANY ENGLISH word inside it. Also, the website could restrict the usage of foreign characters not allowing UTF16 characters. That would suffice! There are NICE password generators out there and even I do prefer to use them and save them internally. So I don't need an external "intelligence" doing it and holding it for me.

Dominyque, PortSwigger Agent | Last updated: Aug 21, 2023 07:10AM UTC

Hi Both, Allowing customers to create their own passwords is not something we are looking at implementing in the near future. We believe that giving users a unique password is far more secure.

vinod | Last updated: Jul 25, 2024 06:29AM UTC

wow... Good to see you are holding so tight on your "Great Great Super Secure policy" but note it down somewhere "its extremely frustrating". Grip it .

leandro | Last updated: Sep 15, 2024 10:45PM UTC

you need to change this ASAP, is so unconfortable. I have to reset my pw everty time i want to log in because i dont have a password vault or something like that..

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.