this post was submitted on 09 Sep 2024
587 points (99.5% liked)

Programmer Humor

19623 readers
3 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

Edit: @Successful_Try543@feddit.org solved it. It says "one special character". Not "at least one".

(page 2) 50 comments
sorted by: hot top controversial new old
[–] addie@feddit.uk 8 points 2 months ago (2 children)

Well now. When we've been enforcing password requirements at work, we've had to enforce a bizarre combination of "you must have a certain level of complexity", but also, "you must be slightly vague about what the requirements actually are, because otherwise it lets an attacker tune a dictionary attack against you". Which just strikes me as a way to piss off our users, but security team say it's a requirement, therefore, it's a requirement, no arguing.

"One" special character is crazy; I'd have guessed that was a catch-all for the other strange password requirements:

  • can't have the same character more than twice in a row
  • can't be one of the ten-thousand most popular passwords (which is mostly a big list of swears in russian)
  • all whitespace must be condensed into a single character before checking against the other rules

We've had customers' own security teams asking us if we can enforce "no right click" / "no autocomplete" to stop their users in-house doing such things; I've been trying to push back on that as a security misfeature, but you can't question the cult thinking.

[–] Wizard_Pope@lemmy.world 5 points 2 months ago (1 children)

Why do they think no copy paste is safer?

load more comments (1 replies)
[–] Monstera@lemmy.ml 5 points 2 months ago (1 children)

no right click/aueocomplete

what a nice way of breaking password managers!

[–] Midnitte@beehaw.org 2 points 2 months ago

"Password managers are insecure because then all your passwords are just under one password" - Some higher up

[–] __init__@programming.dev 6 points 2 months ago

If you have to try really hard to meet their password requirements, that’s how you know it’s super secure.

[–] Angry_Autist@lemmy.world 3 points 2 months ago

You are using a special character that is likely reserved internally

[–] NigelFrobisher@aussie.zone 3 points 2 months ago (2 children)
load more comments (2 replies)
load more comments
view more: ‹ prev next ›