this post was submitted on 14 Jul 2023
1179 points (92.1% liked)

Technology

59581 readers
4728 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

We've all been there.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 1 year ago (2 children)
[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 6 points 1 year ago
[–] [email protected] 6 points 1 year ago (1 children)

The number of times I've gone through that only to have it fail without explanation when I exceed the length limit - forcing me to guess if that must be the issue - is FAR higher than it should be.

And fuck any system that doesn't provide the criteria up front.

[–] [email protected] 8 points 1 year ago (2 children)

Also fun is when the field to initially set the password is also character limited and you choose a password that’s longer than the field but don’t notice until you’ve set it and get repeated login failures afterward

[–] [email protected] 7 points 1 year ago

Yeah that nearly makes me want to smash something when it happens. Anyone that silently truncates passwords should NOT do it, or at least truncate the creation AND login forms. Just say the limit and give a error, or handle extra input the way you're supposed to in the enceyption algorithm and hash it to to the correct length. A length limit of say, the amount of bits the encryption key has, like 32/64/128 chracters for 256/512/1024 bit, is reasonable, any other limit is stupid.

load more comments (1 replies)
[–] [email protected] 6 points 1 year ago (1 children)

Is there any actual services that check if the password is already in use?

I've heard that some really obscure website even told you who used that exact password, because the CEO of the company owning said website complained for not having it, then the IT company who made the website had to add it. (If you ask: it was some Hungarian-owned website, and not space Karen's 1000IQ idea)

load more comments (1 replies)
[–] [email protected] 6 points 1 year ago

As a sysadmin, can I just say: BAD PASSWORD: more than 3 consecutive characters of the same class

[–] [email protected] 5 points 1 year ago

This is why one of my passwords is something like forFUCKSAKE123$#!

[–] [email protected] 5 points 1 year ago (3 children)

Fifty fucking cabbages, the 2023 version

load more comments (3 replies)
[–] [email protected] 4 points 1 year ago (2 children)

I know the frustration. Fucked up part is that all that crap makes it least secure not more.

load more comments (2 replies)
load more comments
view more: ‹ prev next ›