There are two ways about security, either you allow user to apply security measures as they see fit, so they can decide for themselves or you use proper security standards up to date with current understanding.
Since TOS enforces security it should use proper standards:
1) Long passphrases are more secure than character complexity. Requirement for usage of numbers and special characters were not created as a verified standard
Security should enforce password complexity by calculating expected brute-force time or something like "entropy" (https://github.com/dropbox/zxcvbn)
2) Security email does not accept standard email+somethimg@gmail.com emails and it's not allowed to not create security email. If you ask my email and want device to access somewhere online I need to have a way of at least basic confirmation that it was not sold to spammers directly.
I do not want to give my email to someone who does not verify their security requirements before implementing them.
Also, since overall terramaster NASes are somewhat targeted at more involved users, I don't think it would hurt to have "I know what i'm doing, it is a test run" checkbox to disable the requirements. Either to use proper security or to save time on configuration for testing.
Since TOS enforces security it should use proper standards:
1) Long passphrases are more secure than character complexity. Requirement for usage of numbers and special characters were not created as a verified standard
Security should enforce password complexity by calculating expected brute-force time or something like "entropy" (https://github.com/dropbox/zxcvbn)
2) Security email does not accept standard email+somethimg@gmail.com emails and it's not allowed to not create security email. If you ask my email and want device to access somewhere online I need to have a way of at least basic confirmation that it was not sold to spammers directly.
I do not want to give my email to someone who does not verify their security requirements before implementing them.
Also, since overall terramaster NASes are somewhat targeted at more involved users, I don't think it would hurt to have "I know what i'm doing, it is a test run" checkbox to disable the requirements. Either to use proper security or to save time on configuration for testing.
Statistics: Posted by imminentDelivery — 18 minutes ago