22
irby
5y

So, among the ridiculously long list of password requirements, password is not case sensitive BUT it has to contain uppercase and lowercase letters?

Comments
  • 11
    So it has to be either 7 or 8 in length?

    Seems like a anti-ux joke
  • 0
    Shiddy passwerd policey, haha!
  • 4
    @alexbrooklyn It was nerve racking because I struggled to come up with passwords on my own. But, get this: the site did provide an auto password generator, but half of the passwords it generated didn't even meet requirements.
  • 3
    Ummm excuse me but wtf. I can understand that there is a requirement for a minimum length so users don't use asd or somthing. But I can't stand websites creating stupid rules for their passwords. They don't make shit secure. Maybe they help not so experienced users to find passwords but for me, since I'm using a selfwritten program that spits out passwords for the given domain (based on hashing and salting) I usually have long and random passwords. And then there come those sites that max out passwords at 32 chars top. Even my password that I can remember in my brain is longer than that. Seriously fuck website owners and their password bullshittery
  • 7
    All I see here is guidelines for building a brute force tool. With a max of eight characters, they're hardly necessary though.
  • 3
    🤪 They keep thier passwords in the clear.

    have fun looking for the sql injection!
  • 2
    Except for the last 3 rules, this policy is pure BS
  • 4
    Well, after a point, the more rules you create the easier it gets to brute force the shit.
  • 2
    No problem, just add one more rule.

    At least one non unicode character.
  • 1
    @Voxera Do you mean add non-unicode as in, now you can't possibly create a password

    -or-

    now one character has to be one of those invalid values in each table?
  • 1
    @Pyjong pick one ;)
  • 0
    @K4R71K ??? Copy what?
  • 1
    Is there a place in the web which collects such password rules and gives them a wtf rating?
    There should be!

    My suggestion:
    www.wtfpasswordrules.com
  • 1
    I found a site once that didn't tell you there was a maximum length and instead just stripped those characters off on submission so your password was short enough. When I discovered what was happening I was livid.
Add Comment