Comments
-
Eqb814508y Can't stress how important a good password is though, too often I find passwords that could be guessed or cracked under 5 minutes.
-
@Letmecode I'd integrate that into my applications but can't find any really good solutions yet. Do you have tips?
-
@linuxxx there are a few ways that you can do that now: email like letmecode is talking about, Authy onetouch (not really what it's made for), OAuth, or a YubiKey token are the ways I thought about it. But generally you can take the 2nd part of two-factor and get rid of the password to do passwordless auth, just remember to think about the downfalls for each type. Email based - if their email is compromised there's no second way to protect an account. Authy oneclick - is pretty good, besides your client might get random requests if they are getting hit; probably should put a rate limiter and make sure bots have a hard time entering an email in this case. OAuth - same as email but with Facebook, Google+, etc.; if what they have linked is hacked, no extra protection. YubiKey - requires hardware and is primarily security worker based.
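As an added example (not part of the comment above and not any poster's code), here is a minimal sketch of the email-based passwordless flow with the rate limiter that comment recommends. The class name, the TTL and the limits are assumptions chosen for illustration, and state is kept in memory only.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 600      # seconds a login link stays valid (assumed value)
MAX_REQUESTS = 3     # link requests allowed per address per window (assumed)
WINDOW = 900         # rate-limit window in seconds (assumed)


class MagicLinkIssuer:
    """In-memory sketch; a real service would keep this state in a shared store."""

    def __init__(self):
        self._pending = {}    # sha256(token) -> (email, expiry time)
        self._requests = {}   # email -> timestamps of recent link requests

    def request_link(self, email, now=None):
        """Return a one-time token to mail to `email`, or None when rate limited."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        recent = [t for t in self._requests.get(email, []) if now - t < WINDOW]
        if len(recent) >= MAX_REQUESTS:
            # Stops a bot from flooding one inbox with login mails.
            self._requests[email] = recent
            return None
        recent.append(now)
        self._requests[email] = recent
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        self._pending[self._digest(token)] = (email, now + TOKEN_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the address the token was issued for, or None. Single use."""
        now = time.time() if now is None else now
        # pop() removes the entry, so a replayed link is rejected.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expiry = entry
        return email if now <= expiry else None

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()
```

The weakness named in the comment still applies: whoever controls the mailbox controls the account, so this flow is only as strong as the user's email security.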
-
cornyg968y You know what is worse though? When a service has a password max length less than 15 characters and does not allow special characters. I want to have a strong password, but nooo, your stupidity/naivety won't allow me. However the worst has to be what PayPal was doing for years, not allowing you to copy your password from a password manager. I am sitting there wondering why the fuck am I being punished for using a long nonsensical password, which "can't" be cracked? Straight up stopped using PayPal, no way in hell I am typing a 19 character long password every time, which looks like @:~MГw9-... Yeah, no thanks.
-
@cornyg Copying passwords from a password manager to the PayPal site works now, but if your password is longer than 15 chars you can't log in afterwards. That's especially nice if you changed your password and now you are wondering why the fuck you can't log in to PayPal anymore when you are using the exact same password from the password manager.
-
sadjad10908y Bet if you use 'beefstew' as password it will say that your password isn't stroganoff