My main problem with passwords is the limits that sites put on what I can set for a password.
I could not tell you how many times I reset my password using my password manager, then immediately log out, and log in using the credentials I just saved into my password manager, and they don't work, because the site is truncating the password to 15/20/whatever characters.
The number of times this limitation is not clearly stated, checked for, or even acknowledged by the site is too damn high.
I've made it a habit of testing a login after every password set/reset to ensure I don't have trouble with it in the future.
The amount of websites that limit passwords to 16 characters is alarming
Usually 15, 16, 20, or 25 in my experience.
15/16 I get, no idea why 20/25 is so common.
My password manager generates 32 character passwords composed of random alphanumeric characters by default. I usually don't modify it unless I hit a restriction, or its a site I'm particularly concerned about getting penetrated (in which case I increase the number of characters).
I don't mind sharing that because bluntly: anyone reading this, good luck figuring it out. The permutations is something along the lines of (26*2+10+(special characters))^32... Which is 3.5239... * 10^60... Otherwise known as 3.5 novemdecillion.
Ha.
Wish we just had like 256 char passwords so I could actually use passphrases instead of passwords.
It'd be way more secure for me compared to what I'm doing now.
I'd do like Star Trek haikus or some such which would be actually possible to remember.
A person of culture, I see.
For spice, I randomly change my password length. 15 to 50+. I don't even fucking know.
I created an account on a hosted service we use at work the other day, my password had to be exactly 12 characters. No more no less.
Wow, that's an extra level of special.
Stored plaintext in a CHAR(12) field in a DB2 database.
My fucking bank: 👀
ALL banks.
Or when the app has different limits than the webpage!
See also: Sites that don't allow "+" in email addresses while logging in, but do accept them at registration (including confirmation emails)
PlayStation Network has a limit of around 30 characters but they let you pick something longer. They even send you an email confirming that your password has been updated. But if you try to login with your new password it won't work.
I'll probably forget this within the next time I have to change it. I will then AGAIN try with 128 characters and then 125, 120, 115... while yelling at the emails they send me.
Can you maybe add a note to the account in your password manager to remind yourself of the limitation? I dunno, I'm just some guy
You're absolutely right. I've got a talent for procrastination though. I tried giving myself an excuse while formulating this answer, but I realised that just fixing it would be quicker. Hahaha. Thank you
My pleasure. I regularly put notes in my password manager about stuff like this.
My main problem with passwords is the limits that sites put on what I can set for a password.
I could not tell you how many times I reset my password using my password manager, then immediately log out, and log in using the credentials I just saved into my password manager, and they don't work, because the site is truncating the password to 15/20/whatever characters.
The number of times this limitation is not clearly stated, checked for, or even acknowledged by the site is too damn high.
I've made it a habit of testing a login after every password set/reset to ensure I don't have trouble with it in the future.
The amount of websites that limit passwords to 16 characters is alarming
Usually 15, 16, 20, or 25 in my experience.
15/16 I get, no idea why 20/25 is so common.
My password manager generates 32 character passwords composed of random alphanumeric characters by default. I usually don't modify it unless I hit a restriction, or its a site I'm particularly concerned about getting penetrated (in which case I increase the number of characters).
I don't mind sharing that because bluntly: anyone reading this, good luck figuring it out. The permutations is something along the lines of (26*2+10+(special characters))^32... Which is 3.5239... * 10^60... Otherwise known as 3.5 novemdecillion.
Ha.
Wish we just had like 256 char passwords so I could actually use passphrases instead of passwords.
It'd be way more secure for me compared to what I'm doing now.
I'd do like Star Trek haikus or some such which would be actually possible to remember.
A person of culture, I see.
For spice, I randomly change my password length. 15 to 50+. I don't even fucking know.
I created an account on a hosted service we use at work the other day, my password had to be exactly 12 characters. No more no less.
Wow, that's an extra level of special.
Stored plaintext in a CHAR(12) field in a DB2 database.
My fucking bank: 👀
ALL banks.
Or when the app has different limits than the webpage!
See also: Sites that don't allow "+" in email addresses while logging in, but do accept them at registration (including confirmation emails)
PlayStation Network has a limit of around 30 characters but they let you pick something longer. They even send you an email confirming that your password has been updated. But if you try to login with your new password it won't work.
I'll probably forget this within the next time I have to change it. I will then AGAIN try with 128 characters and then 125, 120, 115... while yelling at the emails they send me.
Can you maybe add a note to the account in your password manager to remind yourself of the limitation? I dunno, I'm just some guy
You're absolutely right. I've got a talent for procrastination though. I tried giving myself an excuse while formulating this answer, but I realised that just fixing it would be quicker. Hahaha. Thank you
My pleasure. I regularly put notes in my password manager about stuff like this.
Have a good day.