464
submitted 2 months ago* (last edited 2 months ago) by qaz@lemmy.world to c/mildlyinfuriating@lemmy.world

Just take the string as bytes and hash it ffs

you are viewing a single comment's thread
view the rest of the comments
[-] magic_lobster_party@fedia.io 197 points 2 months ago

There’s a special place in hell for those who set an upper limit in password lengths.

[-] CeruleanRuin 53 points 2 months ago

Oh and also, "change this every four weeks please."

Okay then. NEW PASSWORD: pa$$word_Aug24

[-] fritolay@lemmy.one 20 points 2 months ago

Invalid password, maximum 13 characters.

[-] JustARegularNerd@lemmy.world 6 points 2 months ago
[-] dch82@lemmy.zip 7 points 2 months ago

Only a maximum of 3 digits allowed

[-] rain_worl@lemmy.world 1 points 2 months ago

password must not start with digit

[-] CaptPretentious@lemmy.world 4 points 2 months ago

Yep. Having to have requirements that doesn't flow with people very well and requiring constant updates, people WILL find shortcuts. In the office, I've seen sheets of paper with the password written down, I've seen sticky notes, I've seen people put them in notepad/word so they could just copy paste.

This is made worse, because you have to go out of your way for a password manager, which means you need to know what that is. And you need a good one because there has been (and I'm going to generalize here) problems with some password managers in the past. And for work, they have to allow a password manager for that to even be an option. Which you then end up with this security theater.

[-] rekabis@lemmy.ca 3 points 2 months ago

And you need a good one because there has been problems with some password managers in the past.

coughLastPasscough

“Problems”. What an delightfully understated term to use.

[-] Discover5164@lemm.ee 3 points 2 months ago

the password cannot contains the same sequences of characters as the old password.

and i have seen this requirement in a service that requires changing it every month for some reasons.

and this is to manage a government digital identity that allows to log it in all governments websites.

[-] PM_me_your_doggo@lemmy.world 1 points 2 months ago* (last edited 2 months ago)

the password cannot contains the same sequences of characters as the old password.

That's a weird way to say "we store your password in plaintext"

[-] blackstrat@lemmy.fwgx.uk 2 points 2 months ago

Not necessarily. Presumably the change password form requires entering the old and new password at the same time. Then they can compare the two as plain text and hash the old password to make sure it matches, then if so, hash the new password and overwrite it. Passwords stored hashed, comparison only during the change process. A theme on this is checking password complexity rules during the login process and advising to update to something more secure. It's possible because you're sending the password as plain text (hopefully over a secure connection), so it can be analysed before computing the hash. This even works if the hash is salt and peppered.

load more comments (72 replies)
this post was submitted on 26 Aug 2024
464 points (95.5% liked)

Mildly Infuriating

35459 readers
213 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago
MODERATORS