Is there a good technical reason to not allow passwords to contain special characters? My ISP does this and I need to know why.

  • 7
    They store in plain text and they're idiots?
  • 7
    They have old shit
  • 0
    @Linux yes I understand it's an older approach. But why is it a valid approach? What about the old shit makes this constraint a viable solution?
  • 4
    @darkcode, it's only viable in the sense that it works. It is completely retarded from a security perspective, and the only possible technical justification would be that some ancient system that only supports 7-bit ASCII needs to do something with the passwords (but there isn't any way to justify having any system, old or new, reading users' passwords).
  • 2
    @darkcode it's not viable or valid. It's old and it's shit.
  • 3
    @ItsNotMyFault thank you, somewhat of an explanation.

    I understand it's old.
    I understand it's shit.

    I'm looking to understand the thought process that went into the decision. It's not like other devs have never seen the source, which means that multiple devs and product owners have let this decision remain as is. What are the possible reasons that made them all do that is what I want to understand.
  • 3
    For lots of managers, security is only an issue after it has been breached. It can be very difficult to get permission to spend time replacing bad code if the bad code meets all formal requirements.
  • 3
    @ItsNotMyFault requirements, formal and informal, change as business and market dictate.

    Seems odd that this hasn't come up, considering the market perception shift in secure passwords over the last 24 months. I'm contemplating switching my ISP as a result of this. As a consumer, I hesitate to trust an ISP if they don't see the problem with an issue like this. Maybe my standards are too high.
  • 1
    @darkcode I'd say your standards are fine! Your gut feel is probably fine as well! Find another ISP ASAP.
  • 0
    They're an ISP, can they really be that smart?