Learn More
Resend Email
8
passwordhash
7y

It's gotten to the point where I am legitimately impressed when I can tell a service is hashing their passwords.

All of these unnecessary complications of "must not have more than 2 of the same character in a row" but "can't be more than 12 characters" requirements make me think that the passwords are being saved in plain text.

Amazon and Dropbox do it right - present the user with an input box and no requirements printed anywhere.

undefined

password requirements

passwords

hashing
Favorite
Ranter
Comments
  • 3
    7y
    Hashes are not infallible, that's why md5 or sha1 aren't as prevalent nowadays mainly because of the number of collisions that have been found. It's only a matter of time before the same thing happens with sha256 etc .... biometric data isn't much better tbh. The best way to have a secure password nowadays is to use a pass phrase not a word.
  • 9
    7y
    That's a battery staple.
  • 2
    7y
    @Geekology Fingerprints and retinas are already useless anyways when it should do more than buy enough time, some face recognition systems were cracked too.

    And the rest is just a question of time.
  • 3
    7y
    Yeah @passwordhash talking about password hashing ... I see what u did
  • 2
    7y
    If anyone is using a hash like md5, sha1, sha256, or sha3 for passwords, they should be fired. They're simply too fast. Use a hash built for password hashing.
  • 3
    7y
    @teganburns it's faster but not better IMO. Password complexity is the the key. Even 2factor auth has been bypassed. Use complex pass phrases and change them regularly. That's the only way to keep your data secure.
  • 0
    7y
    @teganburns and there is the problem, you get notified after the they have already gained access. Signing into one account gives you access to all related accounts. All it takes is for them to change your password and you have lost everything. Keeping separate pass-phrases at least ensures that not all accounts can become vulnerable. And remember, pass phrases not passwords. I've worked in cyber security for a few years so I know where vulnerability can be found and what's safe, no matter what new tech or mechanism the safest approach is still pass-phrases, and I'm talking about a good long phrase not just two words.
  • 0
    7y
    @DLMousey Damn you! I was going to say that!
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment