1039
submitted 8 months ago by anders@rytter.me to c/memes@lemmy.ml

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments
[-] kryptonianCodeMonkey@lemmy.world 129 points 8 months ago

And label the text box "username" when it only accepts email address.

[-] helpImTrappedOnline@lemmy.world 61 points 8 months ago

Don't forget to have hidden password requirements and secretly truncate any password longer than 12 characters.

[-] kautau@lemmy.world 31 points 8 months ago

Well yeah, if you don’t truncate the password to 12 chars how will you fit the plaintext in a memory efficient fixed latin1 CHAR column that only accepts letters, numbers, and underscores

/s

[-] Buddahriffic@lemmy.world 3 points 8 months ago

Battle.net used to not be case-sensitive for passwords, back in like the pre-wow era.

[-] helpImTrappedOnline@lemmy.world 1 points 8 months ago

Intresting. At least they got their act together, even making a physical totp authenticator in the 2000s.

[-] gravitas_deficiency@sh.itjust.works 13 points 8 months ago* (last edited 8 months ago)

And then validate the email with a custom regex that definitely doesn’t account for all the valid syntax permutations defined by the several email-oriented RFCs

[-] MoonMelon@lemmy.ml 3 points 8 months ago

Only on mobile though, on desktop have different criteria. Perhaps give the text box an arbitrary max length of like 30 characters on sign-in but not on account creation.

[-] flambonkscious@sh.itjust.works 10 points 8 months ago

You guys are evil - who shat on your pillow??

[-] bruhduh@lemmy.world 6 points 8 months ago
[-] JokerCharlie@lemmy.zip 2 points 8 months ago
this post was submitted on 13 Mar 2024
1039 points (100.0% liked)

Memes

45719 readers
728 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS