Programmer Humor

32291 readers

37 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

[email protected]

1109

Passwords are insecure (programming.dev)

submitted 6 months ago by [email protected] to c/[email protected]

98 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 39 points 6 months ago (4 children)

We have the worst password policy I’ve ever dealt with at my current employer.

[–] [email protected] 44 points 6 months ago (1 children)

Create a new account every time?

[–] [email protected] 24 points 6 months ago (3 children)

Change password every day, and the required password length and complexity increases each time you change your password.

[–] [email protected] 23 points 6 months ago

Password game irl

[–] [email protected] 4 points 6 months ago

Bitwarden has a password generator that you can set criteria for, been really helpful with one of my janky logins

[–] [email protected] 2 points 6 months ago

Are you sure you’re not working for a scam call center?

(Piped)

[–] [email protected] 7 points 6 months ago (1 children)

My bank has, for being a bank, very very bad character support. Best thing is, I'm basically gonna work for that bank.

[–] [email protected] 15 points 6 months ago (3 children)

For years my bank only allowed numerical passwords. The maximum length was 8.

They changed it somewhat recently.

[–] [email protected] 9 points 6 months ago

But they had a strict lockout policy, right? Right?

[–] [email protected] 2 points 6 months ago

me when my bank is less secure than a fucking door lock

[–] [email protected] 2 points 6 months ago

One of the largest banks in Australia (Westpac) used to require passwords to be exactly 6 characters (no more, no less) and they were case insensitive. It also had a fun 'denial of service' attack built-in: If you got it wrong three times, it'd lock the account and force you to go to the bank to unlock it, meaning anyone that knew your bank username could lock you out of your account and cause some pretty big headaches. Fun.

In fact, I'm not sur whether they ever fixed this. Haven't used their services in a long time.

[–] [email protected] 6 points 6 months ago

The highly regarded password policy of my last employer was one of the many things that pushed me over the edge and made me leave for greener pastures. I had to manage something like 9 different passwords, with the main one having changed to 16 chars min with all of the usual number/symbol/CAP requirements.

[–] [email protected] 6 points 6 months ago

My employer software has us log in with just our password, no username. I don't know exactly what's going on in the backend but I know I don't like it.