Why I hate password policies...

box.net believes this password ("f_z"l/++WJ#;"=\P3sV<zl5q) is too weak, as it does not contain either SPACE, > or <.

P.S. except it even does! Still, the webform canot cope with REAL passwords...

Show thread

Sorry for keeping going on but the webform finds this password: zZ?S*C>O?7dgY7 "Weak".
It also finds this one 8B2AI6 "Fair".

What have those webdevs smoked? #passwordpolicy

Show thread

@spaetz for the lulz, do they also don't support passwords larger than 32 chars?

@joao I don't even dare to try it out. Their website might burn down if I do ...

Follow

@spaetz my favorite password snafu was when my bank changed their online interface and system, for online banking and in the process reduced the number of chars in a password that they supported to 20.

My password was over 50 chars. So I was locked out because the new system did not supported that.

@joao I would claim that any system that limits the password length to a specific maxiumum size is broken. They should be hashed and crunched client-side anyway and never reach the main databases in clear anyway.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml