What are some of the most unhinged (good or bad) password requirements/rules you've seen? (lemmy.world)

submitted 1 day ago by zlatiah@lemmy.world to c/asklemmy@lemmy.world

86 comments fedilink hide all child comments

Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.

Not name-and-shaming, but the best one I've seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password...

you are viewing a single comment's thread
view the rest of the comments

[-] weker01@sh.itjust.works 14 points 1 day ago

Extremely limited password length. I think it was around 6 or 8 characters. Exactly! So every password was the same length.

No other requirements. The best part? It was a bank. But not a customer facing service.

[-] Treczoks@lemmy.world 8 points 1 day ago

Banks are amazingly bad at digital security. I once was in a bank (where my wife had an account) where they used first generation wireless keyboards. The ones that did not encrypt anything and could be received to a distance of up to 10m, more if you had a better antenna. I told them about the security issues, but they did not understand. I went to the newspaper agent and bought the newest edition of a computer magazine that had detailed descriptions of how to eavesdrop on those keyboards, returned to the bank, and handed them the article. Which featured exactly their keyboard model as the title photo. I told them "If you don't understand this, it's fine, but then give it to the person responsible for your IT and security, they should know how to deal with this."

Next time we were there, they still had the insecure keyboards. Yes, the IT department had told them that they should replace them with wired ones, but they rejected it, because the wireless ones were sooo convenient. Our next move was to close my wifes' account there.

[-] Kanzar@sh.itjust.works 8 points 1 day ago

My bank had a limit of six characters, for the customer facing login. Oops.

[-] coaxil@lemm.ee 3 points 1 day ago

Westpac?

[-] Kanzar@sh.itjust.works 4 points 1 day ago

Yes 🤭

[-] coaxil@lemm.ee 1 points 1 day ago

Haha knew it. Redic parameters

[-] joenforcer@midwest.social 2 points 1 day ago

Not sure but I think Schwab did it too.

this post was submitted on 09 Jan 2025

70 points (100.0% liked)

Ask Lemmy

27391 readers

926 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have fun

Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'

This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spam

Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reason

Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.

It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.

Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.