this post was submitted on 25 Aug 2024
12 points (92.9% liked)

Cybersecurity - Memes

3207 readers
3 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
12
Obscure password requirements (feddit.org)
submitted 11 months ago by cron@feddit.org to c/cybersecuritymemes@lemmy.world
35 comments fedilink hide all child comments
 

What is your favourite password rule?

you are viewing a single comment's thread
view the rest of the comments
[–] Ephera@lemmy.ml 2 points 11 months ago (1 children)

My 'favorite' password rules are incorrect rules. Recently signed up to a service, which looked like it hasn't been updated since the 90s. They sent me my password via letter, but hey, I was allowed to change it digitally.

So, I did. I set it to a reasonably long password (probably something like 22 characters), with no problems.

Then I went to login and it refused my login. I copied my password out of my password manager, for both setting it and logging in, so there was no way that it was wrong. I quadruple checked the login name, but no luck.

Eventually, I manually typed the password from my password manager. Then I saw it, their password field stopped accepting inputs after about 20 characters.
Presumably, I was able to set my long password on the registration page, but the login page did not accept this long of a password. Fucking ace.
I had to order another password letter.

[–] bleistift2@sopuli.xyz 3 points 11 months ago

As a website developer, it’s easy to just use the 'maxlength' attribute on fields you don’t want to exceed a certain length (for valid reasons or not). But then exactly this happens: A user pastes something in there, doesn’t notice that their input got truncated, and something, somewhere breaks.

'maxlength' is terrible user experience.