Cybersecurity - Memes

2148 readers

1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago

MODERATORS

[email protected]

Obscure password requirements (feddit.org)

submitted 5 months ago by [email protected] to c/[email protected]

104 comments fedilink hide all child comments

What is your favourite password rule?

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 1 month ago

Keepassxc Password generator.

[–] [email protected] 2 points 5 months ago

"One of the characters of your chosen password was used in the same position 12 password-changes ago, but I won't tell you which"

[–] [email protected] 1 points 5 months ago

If your password requirements make me not use a password generated by my password manager, you should rethink your requirements.

[–] [email protected] 1 points 5 months ago

One that I loved was that you couldn't set any from a list of "common passwords"... You couldn't include anything from that list in any password you used. So if the list included the word "green" then "3875429$##&!32++_@greenbean2284&$@" would be rejected.

What's on the list? (Shrugs)

Good luck!

[–] [email protected] 2 points 5 months ago (3 children)

"Sorry, this password is too long"

Literally gotten this error before. So annoying. It was like 18 characters.

[–] [email protected] 2 points 5 months ago

I had one site limit my password to 8 characters long

[–] [email protected] 1 points 5 months ago

That could either mean they want to limit DDOS traffic caused by absurd long passwords, but unlikely.
Or they store your passwords in plain text instead of a proper hash value in their way to small fields in database.

A more absurd possibility would be if they limit characters because they send the form by GET instead of POST and everybody could see your password in the URL (e.g. in all logs).
Security nightmare in any case.

[–] [email protected] 1 points 5 months ago

That's the worst. I already made a meme about it last week.

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago)

I'm sorry, but passwords must be unique across the entire platform. The one you entered matches [email protected]. Please try again.

[–] [email protected] 0 points 5 months ago

Change your password every three months

[–] [email protected] 0 points 5 months ago (2 children)

Here's a useful password helper that should meet all requirements

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago)

It's the password game, isn't it. Edit: Yup, its the password game.

[–] [email protected] 0 points 5 months ago

That was fun, thanks for sharing.

[–] [email protected] 1 points 5 months ago (2 children)

at what point do password requirements start making password easier to crack?

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago)

They invariably do. They always constrain the list of things that a fully random generator could possibly make. They never add to that list.

Even rules like "can't use the same character twice in a row" constrain the list at least a little. That one makes it harder for dumb people to do dumb things, but also makes it harder for smart people to do smart things.

[–] [email protected] 0 points 5 months ago

They already do. If I know a number is required, I don't have to try any passwords that don't have a number.

load more comments