this post was submitted on 09 Sep 2024
578 points (99.5% liked)

Programmer Humor

19965 readers
434 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
 

Edit: @Successful_[email protected] solved it. It says "one special character". Not "at least one".

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 23 points 4 months ago (2 children)

Your Internet Banking Password should one special character (~!@#%^&*)

Great grammar on their part.

[–] [email protected] 7 points 4 months ago

atleast a 5/10 in effort

load more comments (1 replies)
[–] [email protected] 48 points 4 months ago

If >1 special character is not allowed the last check should be failed . The second check is literally satisfied even if there are 2+ specials.

I'd not be using that bank.

[–] [email protected] 11 points 4 months ago* (last edited 4 months ago)

Please tell me someone didn't buy software with 'atleast' spelled like that in there. Please, tell me someone tested the web app and had the brains God gave a douglas fir and knew that wasn't a word; that it was never a word; that the writer's spell check should have picked that up; that it's not been over-ruled by stupid so much that it just takes it.

[–] [email protected] 9 points 4 months ago (3 children)

Well now. When we've been enforcing password requirements at work, we've had to enforce a bizarre combination of "you must have a certain level of complexity", but also, "you must be slightly vague about what the requirements actually are, because otherwise it lets an attacker tune a dictionary attack against you". Which just strikes me as a way to piss off our users, but security team say it's a requirement, therefore, it's a requirement, no arguing.

"One" special character is crazy; I'd have guessed that was a catch-all for the other strange password requirements:

  • can't have the same character more than twice in a row
  • can't be one of the ten-thousand most popular passwords (which is mostly a big list of swears in russian)
  • all whitespace must be condensed into a single character before checking against the other rules

We've had customers' own security teams asking us if we can enforce "no right click" / "no autocomplete" to stop their users in-house doing such things; I've been trying to push back on that as a security misfeature, but you can't question the cult thinking.

[–] [email protected] 5 points 4 months ago (1 children)

Why do they think no copy paste is safer?

[–] [email protected] 9 points 4 months ago

Because if you disable browser autocomplete, what's obviously going to happen is that everyone will have a text file open with every single one of their passwords in so that they can copy-paste them in. So prevent that. But what happens if you prevent that is that everyone will choose terrible, weak passwords instead. Something like September2025! probably meets the 'complexity' requirement...

load more comments (2 replies)
[–] [email protected] 22 points 4 months ago (1 children)
load more comments (1 replies)
[–] [email protected] 6 points 4 months ago

If you have to try really hard to meet their password requirements, that’s how you know it’s super secure.

[–] [email protected] 3 points 4 months ago

You are using a special character that is likely reserved internally

[–] [email protected] 56 points 4 months ago (1 children)

It says “one special character”. Not “at least one”.

oh. oh god. what the fuck.

load more comments (1 replies)
load more comments
view more: ‹ prev next ›