this post was submitted on 09 Sep 2024
578 points (99.5% liked)

Programmer Humor

19570 readers
1620 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

Edit: @Successful_[email protected] solved it. It says "one special character". Not "at least one".

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 2 months ago (4 children)

Well now. When we've been enforcing password requirements at work, we've had to enforce a bizarre combination of "you must have a certain level of complexity", but also, "you must be slightly vague about what the requirements actually are, because otherwise it lets an attacker tune a dictionary attack against you". Which just strikes me as a way to piss off our users, but security team say it's a requirement, therefore, it's a requirement, no arguing.

"One" special character is crazy; I'd have guessed that was a catch-all for the other strange password requirements:

  • can't have the same character more than twice in a row
  • can't be one of the ten-thousand most popular passwords (which is mostly a big list of swears in russian)
  • all whitespace must be condensed into a single character before checking against the other rules

We've had customers' own security teams asking us if we can enforce "no right click" / "no autocomplete" to stop their users in-house doing such things; I've been trying to push back on that as a security misfeature, but you can't question the cult thinking.

[–] [email protected] 5 points 2 months ago (1 children)

no right click/aueocomplete

what a nice way of breaking password managers!

[–] [email protected] 2 points 2 months ago

"Password managers are insecure because then all your passwords are just under one password" - Some higher up

load more comments (2 replies)