this post was submitted on 24 Jun 2024
441 points (98.0% liked)

Asklemmy

43945 readers
576 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 5 months ago (2 children)

Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?

Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don't think most sane people would do that... Open to ideas though.

[–] [email protected] 4 points 5 months ago (1 children)

I've come across several sites with abhorrently short password limits, as low as 12.

Worse, 2 of them accepted the longer password, but only saves the first n characters, so you can't log in even with the correct password, untill you figure out the exact max length and truncate it manually.

Even worse, one of those sites was a school authentication site, but it accepted the full password online and only truncated the password on the work computer login. That took me an entire period to suss out.

[–] [email protected] 5 points 5 months ago

You just gave me a flashback to a system I encountered as a student where my password got truncated, so I couldn't log in. I had to ask the teacher what to do, expecting her to have access to a reset or something, but she just told me what my password was. It was like 3 and a half words, clearly truncated and stored in plain text.

[–] [email protected] 1 points 5 months ago

I personally just use a pw manager. If I used them system myself, the alphabet words would probably be strings of characters that aren’t real words and I’d probably salt them too. But yeah I imagine you could run into size limits, which is a problem.

I just wanted to share a pw strategy that seemed interesting. I used a simple pattern to make the concept easier to understand.