this post was submitted on 18 Aug 2024
831 points (98.8% liked)

Cybersecurity - Memes

1902 readers
12 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
831
Password length requirement (feddit.org)
submitted 1 month ago* (last edited 1 month ago) by cron to c/cybersecuritymemes@lemmy.world
171 comments fedilink hide all child comments
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[–] SSJMarx@lemm.ee 27 points 1 month ago (3 children)

similarly:

make a new account

use password manager to generate a strong random password

"your password must contain at least one special character (! @ # $ % ^ or &)"

[–] primrosepathspeedrun@lemmy.world 14 points 4 weeks ago (2 children)

but not 2! and not THAT special character! and...

[–] Agent641@lemmy.world 16 points 4 weeks ago* (last edited 4 weeks ago) (2 children)

"Ope, sorry, that password is already in use by pu55ysl4y3r69420@gmail.com. Please choose a different one!"

[–] PraiseTheSoup@lemm.ee 7 points 4 weeks ago

I would thank you to quit publishing my email address in public forums for no reason.

[–] primrosepathspeedrun@lemmy.world 5 points 4 weeks ago

OOPS we think this password is too long for you to remember, try again! and change it again in a month. your best buy account that we forced you create and are going to have a data breach on in about fifteen minutes is VERY IMPORTANT AND MUST BE SECURE

[–] pixelscript@lemm.ee 6 points 4 weeks ago (2 children)

I just reset my password with Southwest Airlines today. They had both the stupid 16 character limit and the stupid list of permitted special characters. But they also had the perplexing criterion that the first character of the password specifically couldn't be one of those permitted special characters.

Literally why.

[–] subignition@fedia.io 3 points 4 weeks ago (1 children)

Poor input sanitization probably.

[–] pixelscript@lemm.ee 1 points 4 weeks ago (1 children)

I'm not saying it was a soft rule where the form refused to validate my input. It was an actual, fully-described rule in the bulleted list among the other rules. For whatever reason they specifically went out of their way to enforce it. And I cannot fathom why they would.

[–] subignition@fedia.io 1 points 4 weeks ago

I understood what you meant, it doesn't change my answer though

The back-end environment could have at least a few ways to screw things up if, for example, they were passing the password thru a shell script to hash it and had poor sanitization of the input

!, #, and $ can be particular troublemakers at the start of a string, there's probably more I'm not aware of too.

[–] primrosepathspeedrun@lemmy.world 1 points 4 weeks ago

when CEOs make security policy.

[–] milicent_bystandr@lemm.ee 2 points 4 weeks ago

Your password must contain at least one swear word.

[–] funkless_eck@sh.itjust.works 1 points 4 weeks ago

I hate that, why can't I use something like £ or Ł?