Nothing enrages me more than a password character limit. Thank you for making sure my password is LESS secure with your idiotic requirements based on security recommendations that are at least a decade old.
How about… an undisclosed character limit? We’ll just keep telling you your password is invalid until you figure out the max length.
Let the users enter as many characters as they want and silently crop the password to a few characters.
Fun fact, this is a feature of Lemmy:
Someone please submit a PR
Just move to kbin.
I would give up before I figured that out and find some other service to use.
banks using EXACTLY 8 character passwords 💀 (srsly)
Try this simple and fun game to practice your password creation skills :^) https://neal.fun/password-game/
Convince me this isn’t just training someone’s pet algorithm the same way we’ve all been trained to accept training the CAPTCHAs.
WAKE UP COMPILERS (It is a fun game though)
My bank requires your password to contain NO vowels. I always forget when I update the password (forced to every 3 months) and the error never mentions it.
I'm struggling to think why this would be a thing. The only guess I have is someone was told to enforce "no dictionary words in a password" and saw that as an 'easier' way to implement?
On one hand it reduces the total # of characters needed to brute force which is bad. On the other hand, like you said, it makes it so dictionary attacks are weaker - which is good
Although I think you could just get a regular dictionary, remove the vowels, and it would probably work just fine
So ultimately? I think stupid decision
obligatory XKCD
I get so irrationally mad about passwords now, and then it’s like every 3 months, no matter what password phrase I come up with, with whatever non-sensual special characters and spaces added in, it’s compromised in some hack, so no matter how good your password is, they’ll just get it from the source anyways.
I just use the KeePassXC password generator. :)
Way too often I've had websites complain that the input password is too complex, and I have to dial down the settings.
Creating a password is as easy as clicking generate in my password manager - y'all should use one too
This is the only way. Except some services don’t even accept those randomly generated ones. Only a slight inconvenience to add whatever special character they want or to trim the length.
Inconvenience? More like incompetence… they should let me use æøéüôñ🍕&/ in my passphrase
And not in the user’s last X passwords! And doesn’t contain their name, address etc! And changes every X days!
Literally writing code to do this rn, even tho I pushed back with modern theories… IT security “experts” set policy using just enough knowledge to be dangerous
One of the banned words hardcoded previously was “monkey”, needless to say I am proud to carry on this tradition
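An added example, not part of any comment in this thread: the silent-cropping behaviour complained about above, next to a check that names the limit it enforces, accepts Unicode passphrases, and rejects instead of truncating. The function names, the 8/128 limits, and the blocklist entries other than "monkey" are assumptions chosen for illustration.

```python
import unicodedata

MIN_LEN = 8      # assumed minimum
MAX_LEN = 128    # assumed maximum: generous, and always named in the error
# Constructed sample blocklist; "monkey" is the banned word mentioned in the thread.
BLOCKLIST = {"monkey", "password", "12345678"}


def cropped(password: str, limit: int = 8) -> str:
    """Anti-pattern from the thread: silently keep only the first `limit` characters."""
    return password[:limit]


def normalize(password: str) -> str:
    """NFKC-normalize so one passphrase gives one byte string on every device."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> list[str]:
    """Return every reason the password is rejected; an empty list means accepted."""
    pw = normalize(password)
    n = len(pw)  # length in Unicode code points, not bytes
    problems = []
    if n < MIN_LEN:
        problems.append(f"too short: {n} characters, minimum is {MIN_LEN}")
    if n > MAX_LEN:
        problems.append(f"too long: {n} characters, maximum is {MAX_LEN}")
    if pw.casefold() in BLOCKLIST:
        problems.append("appears on the list of commonly used passwords")
    return problems


def prepare_for_hashing(password: str) -> bytes:
    """Reject out-of-policy input instead of cropping it; return bytes for the password hash."""
    problems = check_password(password)
    if problems:
        raise ValueError("; ".join(problems))
    return normalize(password).encode("utf-8")


if __name__ == "__main__":
    for candidate in ["monkey", "æøéüôñ🍕&/", "x" * 129]:
        print(repr(candidate[:12]), check_password(candidate) or "accepted")
    # Two different passphrases become the same stored value once cropped.
    print(cropped("correct horse battery") == cropped("correct donkey"))
```

The bytes returned by `prepare_for_hashing` are meant to go straight into a slow, salted password hash; the hash itself is left out here.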
Twitter!
Reminds me of “The Password Game” 😂
Who's using it? I'll just use that account.
Just reset your username using your password