• RhynoplazEnglish
    1303 months ago

    “Your selected password is already being used by SwiftyFan05. Please choose another password.”

  • @m_f@midwest.socialEnglish
    693 months ago

    Somebody isn’t sanitizing their inputs properly. Like putting a bandaid on a heart attack

  • .DonutsEnglish
    363 months ago

    Lol I recently have found the opposite!

  • slazer2auEnglish
    293 months ago

    they don’t specify a limit so 64 character password it is.

  • @cley_faye@lemmy.worldEnglish
    123 months ago

    64 characters picked at random in [a-zA-Z0-9_] is perfectly fine if password is your only option. Special character do not increase significantly the difficulty of bruteforcing it, but introduce the risk of having to manually type "}à.å÷Â!!ç-×ô@¸Á¢±ãÕß>>úÓ}¼º¤«<_`àÅû§Æ]*ÂñçÌÿ§à®&ܱ=Ú-´ð¹é$.>=;Ö if something goes catastrophically wrong.

  • @Buffalox@lemmy.worldEnglish
    83 months ago

    It’s actually nice they have underscore. 😀
    Yes because if you choose 8 characters at random, with 25 small + 25 big letters and 10 numeric, it* only 60^8 = 167,961,600,000,000 combinations.
    I think the problem is more if the system allows brute force with thousands of erroneous attempts.
    Then statistically any hacker can attempt several accounts, and ultimately get lucky. But by all means, put the responsibility to the user, users are the experts right!?
    I never got the frantic excessive entropy mindset, when the problem is much simpler to not allow crackers endless attempts. You can allow 50 attempts, and chances would be very slim to guess even pretty moronic passwords.

    What’s even worse is when they REQUIRE big and small and numbers to maximize entropy, they actually make statistically FEWER attempts necessary to brute force it.
    A standard Microsoft introduced in the 90’s, and FUCKING almost everybody is using, despite it’s a 100% moronic requirement.
    Instead just warn against passwords that can be guessed by logic, or can be found in a dictionary.

    • Steve DiceEnglish
      113 months ago

      Most websites don’t allow multiple failed logins and, even if they did, the network latency alone would make brute force attacks useless. The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes. Having different passwords for every website also protects against this so, as usual, the answer is “just use a password manager”.

      • @Buffalox@lemmy.worldEnglish
        -13 months ago

        just use a password manager

        I will never do that, I have a system instead. I never understood why people would want to use a password manager. To me it seems it ads an attack vector, where you could lose EVERYTHING!

        • Steve DiceEnglish
          43 months ago

          I guarantee your system is less secure than the worst password manager. Humans are inherently bad at choosing passwords, or anything to do with randomness really.

        • @frezik@midwest.socialEnglish
          13 months ago

          Passwords suck as an authentication system in general. Your own system is probably worse than what password managers do. Yes, there are problems, but so does every other solution to this, and password managers win out in the comparison.

          • @Buffalox@lemmy.worldEnglish
            03 months ago

            Your own system is probably worse than what password managers do.

            How so? If you use a password manager across 3 platforms, that makes for 3 attack vectors.
            My personal system has guaranteed no vulnerabilities. So how do you conclude my system is worse?

            • @frezik@midwest.socialEnglish
              03 months ago

              My personal system has guaranteed no vulnerabilities

              If you think that’s true, then you don’t have the experience to make a secure system.

              • @Buffalox@lemmy.worldEnglish
                03 months ago

                What? What kind of system do you think I have? The only vulnerability is if they can hack my brain.

                • @frezik@midwest.socialEnglish
                  03 months ago

                  Yeah, that’s going to be a terrible system. The human brain isn’t capable of keeping track of enough entropy to create a secure password system.

                  More generally, it’s a big red flag when anybody thinks they can make a better system than publicly available and verified systems. You’re not capable of that, I’m not capable of that, Bruce Schneier is not capable of that. No matter how smart you are, you missed something. That’s why I didn’t need to know a single detail.

      • @Buffalox@lemmy.worldEnglish
        -33 months ago

        The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes.

        Seems a bit stupid if a database of passwords or other sensitive information can be brute forced.

        • Steve DiceEnglish
          63 months ago

          Please clarify what you mean because your comment is giving me these vibes.

          1000014915

  • @expatriado@lemmy.worldEnglish
    73 months ago

    recently did one that only cared about being very long, so i typed thispasswordisfuckinglong and it took it

  • @chuckleslord@lemmy.worldEnglish
    53 months ago

    I mean, 63^6 is a lot of possibilities, but just make the password longer to increase its security.

    Blocking out special characters is dumb, but as others have pointed out, they’re probably not sanitizing inputs.

  • @squid_slime@lemm.eeEnglish
    33 months ago

    I hate these arbitrary limitations of 16 characters, 25 is unbreakable and some sites won’t allow longer than 16 20, I’ve even had one site not allow over 6.