You must use at least two forbidden characters
-
I needed to change the password to a certain hosting provider.
I tried changing my password to
g.QN}2kJtZ^?.dMt
Where are the forbidden characters?
-
@Zemm It's probably upset about you not balancing your curly braces. You monster.
-
@Zemm I had that problem yesterday. I generated a 20-char password with KeePass that apparently wasn't "secure" enough, but the site I was on wouldn't tell me what rule I'd violated.
Password enforcement sucks.
-
@Onyx Put some PHP code inside the braces and see what happens!
-
@mott555 One day I'd like to find a webapp that handles my favorite username '"\'\";%20☃. Note the zero-width joiner between 0 and ☃.
NB I wrote one and it still doesn't handle ☃ correctly. Fucking mysql and 'multibyte'. I need to rebuild it in postgresql or something.
-
I had to change my password on a site recently, and when I included a character they had forbidden (because it was an idiotic site that rejects all special characters) the password strength bar went weak. When I removed it, it went strong immediately.
-
@Zemm said in You must use at least two forbidden characters:
I tried changing my password to g.QN}2kJtZ^?.dMt
Where are the forbidden characters?I see g,Q,N,2,k,J,t,Z,d,M and t as forbidden The rules are clear: at least one of a or z, one of A or Z, and one of 0 or 9. Try with A!z@a#Z^0&9.
-
@Zemm I'd answer that, but trying to read the neon-green-on-grey text is literally making my eyeballs bleed.
-
@Zemm
These rules are completely over the top! How is one supposed to remember any password besideshunter2
anyway?Filed Under: Maybe
hunter2
works as a password. You should try it
-
@AyGeePlus said in You must use at least two forbidden characters:
my favorite username '"\'\";%20☃
https://webscale.local.lubar.me/user/20
Password:
password
Edit: fixed the "can view email address" query crashing the page because it returned null.
-
@ben_lubar Ha! I managed to select that zwnjs!
(It's not blue because apparently screenshots de-focus the window or something)
-
@Tsaukpaetra I can select it too, but it doesn't turn blue at all because it's zero-width.
(and copy it and paste it, too, which is how I know for certain that I selected it.)
-
@mott555 said in You must use at least two forbidden characters:
@Zemm I had that problem yesterday. I generated a 20-char password with KeePass that apparently wasn't "secure" enough, but the site I was on wouldn't tell me what rule I'd violated.
Password enforcement sucks.
I told the story before where I actually wrote the guys responsible for something like that and received the answer:
By not telling you the password rules we're making it even more secure!
-
I never found out which character was forbidden. I generated a new password without specials and added
!!
to the end, which worked. That must have been the only character they tested with!?
-
@Onyx said in You must use at least two forbidden characters:
not balancing your curly braces.
More secure this way!
-
@Tsaukpaetra said in You must use at least two forbidden characters:
select that zwnjs!
In the documentation for our API there's that character in the example JSON which is easy to copypasta. Postman does flag it (since it is invalid whitespace) but our API completely barfs on it with a nonsensical error. Haven't had an opportunity to fix it yet.
-
@Zemm : Its "perfectly clear". The only allowed "symbols" are the ones they list.
-
@Ancient__Hacker said in You must use at least two forbidden characters:
@Zemm : Its "perfectly clear". The only allowed "symbols" are the ones they list.
Uh, all the characters where on the list. I even copied the list and pasted on the end of a password without other special characters.