482
Creating a password in 2023 be like (programming.dev)
submitted 1 year ago by likeaduck@programming.dev to c/programmerhumor@lemmy.ml
110 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] Sonotsugipaa@lemmy.dbzer0.com 38 points 1 year ago

Infuriating fact: if a service has maximum password length limits (lower than 1000 characters), they're reversibly storing your password and if they're that lazy it's probably plain text

[-] newsonic@lemmy.world 6 points 1 year ago

Nope. No point in storing > 256 or even 128 chars for a password anyway. Useless storage wasted. Also it doesn’t really mean they store the password badly in the server.

[-] peter@feddit.uk 18 points 1 year ago

A hashed password is always the same length though is it not?

[-] dan@upvote.au 3 points 1 year ago

The length limit is mostly for the user's sake - companies don't want people to set their passwords to 30+ character ones that they keep forgetting and call their tech support to reset.

[-] david@feddit.uk 2 points 1 year ago

That's really really really annoying, as someone who has a good, strong brain-based password algorithm and hates it when websites forbid my strong password forcing me to make an exception.

[-] conciselyverbose@kbin.social 8 points 1 year ago

Ignoring that they must be hashed to be acceptable and that it's not possible for 1000 characters of text to add up to a waste of storage worth mentioning in pretty much any environment, it's literally impossible for a 128 character password limit to be beneficial in any way.

A limit below that demonstrably lowers security by a huge margin.

[-] Sonotsugipaa@lemmy.dbzer0.com 4 points 1 year ago

Ok but are 15 characters too much?

I've seen 14-char limits, which are NOT reasonable

[-] totally_notAcat 2 points 1 year ago

there is at least one bank that I know of with a 12 character limit

[-] dan@upvote.au 3 points 1 year ago

There's a major bank in Australia that limited passwords to six characters. Exactly six. No more, no less. The passwords were also case-insensitive.

[-] totally_notAcat 2 points 1 year ago

Yikes, how do banks, of all things, have such low password limits...

load more comments (22 replies)
this post was submitted on 17 Jul 2023
482 points (100.0% liked)

Programmer Humor

32080 readers
259 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
cat_programmer@lemmy.ml