this post was submitted on 27 Nov 2023
262 points (97.8% liked)

Technology

59285 readers
4747 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
262
Largest Study of its Kind Shows Outdated Password Practices are Widespread (www.cc.gatech.edu)
submitted 11 months ago by [email protected] to c/[email protected]
48 comments fedilink hide all child comments
 

Largest Study of its Kind Shows Outdated Password Practices are Widespread::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 11 months ago (3 children)

I am tired of websites imposing limitations on passwords, but not sharing what those are. I use a password generator, and rarely know if Unicode characters are allowed, if there's a limit on the number of characters, etc.

I've come across websites where dashes "-" are forbidden. My banking website only allows a maximum of 16 characters. Sometimes there's a note below the password box, sometimes they don't tell you until your password fails, and sometimes they don't ever tell you. If I don't know what the restrictions are, I'll end up throwing a cheap password at it until I can find out what's acceptable.

[–] [email protected] 4 points 11 months ago

Sometimes the limits they tell you are wrong. Sometimes they truncate your password without telling you. Sometimes the app has different requirements than the website.

[–] [email protected] 4 points 11 months ago (1 children)

Sometimes they change the requirements, so a password that once had symbols no longer works, and you can't log in anymore.

[–] [email protected] 2 points 11 months ago

Even better! They'll sometimes tell you the wrong error message like my bank used to before they redesigned the front end and backend. I couldn't change my password there for the longest time because it kept telling me my password was not between 5-8 characters long (yes it was). Turns out I couldn't use a - in my password. I'm glad they finally updated to to a longer password but I still can't use a - in my password.

[–] [email protected] 3 points 11 months ago

Banking having the incredibly low character max is insane. I made a new account recently and I wanted to use the Bitwarden passphrase generation, but even 2 words could make it too long. Plus the push for 2 factor auth with everything including crap like streaming, except they just want to email me after I've given my very strong passwords already...