“Password length mustn't exceed seventeen characters.”
Why? Why do some Web sites still have this rule? It's 2018. We should be using passwords of at least twenty-four characters. This is crap.

  • 5
    It’s probably that their SQL scheme doesn’t let them do that?
  • 1
    @Jameslikestea Most likely, yes, but changing that to accommodate lengthier passwords clearly isn't too difficult.
  • 4
    @Jameslikestea which means they've made their own password hashing algorithm which means they most likely have a few security issues
  • 4
    @Jameslikestea I don't get it, no matter how long your passwords are, the hash produced will always be of the same length.

    It clearly indicates that they following poor standards. As long as secure hashing algorithms are used, password length shouldn't matter at all. Of course there should be minimum length but not the opposite.
  • 9
    Please my online banking only allows 6 Characters and prohibits you from using ^¥[| and shit like that. But they wanted to school me on cyber security. Fucking Sparkasse
  • 2
  • 2
  • 6
    @CaptainJuers it fascinates me that some banks have terrible solutions for login.

    In Norway banks use something called BankID, a national login system. It’s a multi factor security.

    I login to the bank, choose BankID on mobile. I enter my birthday and phone number. The bank generates two words for me to verify.
    I open my phone, I get a popup with the two same words as the bank has. I click accept, and have to enter my personal pin. It thinks for a while, and voila, I’m logged in.

    This works on all governmental sites, banks, insurance companies, some shops if I buy something on credit, and some online payment APIs.

    More info
  • 2
  • 1
    @ChainsawBaby Thats pretty sophisticated. Can you vote through the governement sites? Or is it just for further information on legislatory buisness?
  • 1
    @CaptainJuers nope, no online voting, yet.
  • 2
    Man I've come across sites that don't allow special characters
  • 7
    Ah, yet another website that stores its passwords in plain 🙃
  • 3
    Even worse are JS wrappers for login forms that prohibit pasting passwords.
  • 3
    @bahua hell yeah! that and forms with right clicks disabled. Jesus!
  • 0
    For reference, an example of a pretty good password is as follows: “lX3eV2mC1onSquee'zZZ'yir#D3lici007u::;$” .

    Please don't actually use this.
  • 2
    @bigus-dickus ahh yes, but they may not know that! Some “engineers” don’t know their ass from their elbow
Add Comment