Why I hate password policies...

box.net believes this password ("f_z"l/++WJ#;"=\P3sV<zl5q) is too weak, as it does not contain either SPACE, > or <.


P.S. except it even does! Still, the webform canot cope with REAL passwords...

· · Web · 1 · 0 · 0

Sorry for keeping going on but the webform finds this password: zZ?S*C>O?7dgY7 "Weak".
It also finds this one 8B2AI6 "Fair".

What have those webdevs smoked?

@spaetz for the lulz, do they also don't support passwords larger than 32 chars?

@joao I don't even dare to try it out. Their website might burn down if I do ...

@spaetz my favorite password snafu was when my bank changed their online interface and system, for online banking and in the process reduced the number of chars in a password that they supported to 20.

My password was over 50 chars. So I was locked out because the new system did not supported that.

@joao I would claim that any system that limits the password length to a specific maxiumum size is broken. They should be hashed and crunched client-side anyway and never reach the main databases in clear anyway.

Sign in to participate in the conversation

Hello! mas.to is a general-topic instance. We're enthusiastic about Mastodon and aim to run a fast, up-to-date and fun Mastodon instance.