Why I hate password policies...
box.net believes this password ("f_z"l/++WJ#;"=\P3sV<zl5q) is too weak, as it does not contain either SPACE, > or <.
P.S. except it even does! Still, the webform canot cope with REAL passwords...
Sorry for keeping going on but the webform finds this password: zZ?S*C>O?7dgY7 "Weak".
It also finds this one 8B2AI6 "Fair".
What have those webdevs smoked? #passwordpolicy
@spaetz for the lulz, do they also don't support passwords larger than 32 chars?
@joao I don't even dare to try it out. Their website might burn down if I do ...
@spaetz my favorite password snafu was when my bank changed their online interface and system, for online banking and in the process reduced the number of chars in a password that they supported to 20.
My password was over 50 chars. So I was locked out because the new system did not supported that.
@joao I would claim that any system that limits the password length to a specific maxiumum size is broken. They should be hashed and crunched client-side anyway and never reach the main databases in clear anyway.