Guess the WTF from the password requirements
-
@Dreikin said in Guess the WTF from the password requirements:
I've never understood wtf that restriction ever existed.
there's only one reason for forbidding any characters.
Handling passwords wrong.
As far as i'm concerned the only hard rules for passwords that are valid are:
- Must be at least X characters (to enforce at least a minimum entropy)
- Must not be longer than Y characters (where Y is as big as possible without exposing you to a password hash DOS, 100-500 characters is a good range for this, 64 is acceptable, less than that and i will assume you are mishandling passwords)
you can add in a few rules to try and up the entropy of passwords, stuff like no number sequences, no bare dictionary words, upper and lowercase required, if you want but don't forbid characters or i will assume you are handling passwords wrong.
-
@accalia said in Guess the WTF from the password requirements:
there's only one reason for forbidding any characters.
Handling passwords wrong.
I don't mind much if they forbid newlines, tabs or NULs…
-
@dkf said in Guess the WTF from the password requirements:
@accalia said in Guess the WTF from the password requirements:
there's only one reason for forbidding any characters.
Handling passwords wrong.
I don't mind much if they forbid newlines, tabs or NULs…
if you can figure out how to enter them as part of your password, you should bleep bleepity bleep bleeping well be able to use them.
-
@Medinoc said in Guess the WTF from the password requirements:
not too similar
You can detect if your password is identical to an old one without storing them in plain text. but can you say if they are "similar"?
-
@fbmac read the whole post. He said you have to type the expiring password on the same page. Boom, plaintext
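
An added example, not part of any post in this thread: a password-change check that combines the rules discussed above (length bounds only, no forbidden characters) with the reuse and similarity question. Function names, the limits, the PBKDF2 work factor and the similarity threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from difflib import SequenceMatcher

# Assumed values: the thread only says "X" and "Y" (with 100-500 suggested for Y).
MIN_LEN, MAX_LEN = 12, 256
ITERATIONS = 600_000        # assumed PBKDF2 work factor
SIMILARITY_LIMIT = 0.8      # assumed threshold for "too similar"

def hash_password(password, salt=None):
    """Salted PBKDF2 record; any character is accepted, it is all bytes here."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def matches(password, record):
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def check_change(old_plain, new_plain, current, history):
    """Return the reasons to reject a password change (empty list = accept)."""
    # Length is checked before any hashing so oversized input never reaches the KDF.
    if len(old_plain) > MAX_LEN or len(new_plain) > MAX_LEN:
        return ["too long"]
    if len(new_plain) < MIN_LEN:
        return ["too short"]
    if not matches(old_plain, current):
        return ["current password incorrect"]
    reasons = []
    # Exact reuse: re-hash the candidate under each stored salt. Hashes suffice.
    if any(matches(new_plain, rec) for rec in [current, *history]):
        reasons.append("reused")
    # Similarity: only possible against the old password the user just typed.
    # Older passwords exist only as hashes, so they cannot be compared this way.
    if SequenceMatcher(None, old_plain, new_plain).ratio() >= SIMILARITY_LIMIT:
        reasons.append("too similar to current")
    return reasons

if __name__ == "__main__":
    old = "correct horse battery 1"          # constructed sample passwords
    current = hash_password(old)
    history = [hash_password("an older passphrase!!")]
    print(check_change(old, "correct horse battery 2", current, history))
    print(check_change(old, "an older passphrase!!", current, history))
    print(check_change(old, "tab\tand \u00fcml\u00e4ut \U0001F34A", current, history))
```

A site that rejects a new password as "similar" to one from several changes ago, rather than to the one just typed into the change form, has to be keeping something more recoverable than these hashes.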
-
@accalia said in Guess the WTF from the password requirements:
if you can figure out how to enter them as part of your password, you should bleep bleepity bleep bleeping well be able to use them.
What's the for?
-
@antiquarian said in Guess the WTF from the password requirements:
@accalia said in Guess the WTF from the password requirements:
if you can figure out how to enter them as part of your password, you should bleep bleepity bleep bleeping well be able to use them.
What's the for?
tANGERine
see?
:-P
-
-
@antiquarian said in Guess the WTF from the password requirements:
@accalia said in Guess the WTF from the password requirements:
tANGERine
see?
E_SPELLAR_NOT_FOUND
funny story. i actually use it because of the discoursistent nature of discourse's emoji autocomplete that it would more or less constantly replace :anger: with :tangerine: for me, when they fixed the bug i kept using because it made me giggle.
and now you know the -dramatic pause- rest of the story </PaulHarvey>
-
@accalia that wasn't a Paul Harvey dramatic pause, that was a Shatner... dramatic... pause.
-
@Arantor said in Guess the WTF from the password requirements:
@accalia that wasn't a Paul Harvey dramatic pause, that was a Shatner... dramatic... pause.
no, that was a Calculon dramatic pause in the middle of a Paul Harvey impersonation. :-P
really, you got to know the difference between a Calculon DRAMATIC PAUSE! and a shatner........ pause.
see?
-
@accalia The difference is subtle but important. Good listening!