In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

Treczoks@lemmy.world 6 points 3 days ago

I got a login on an IBM system. I logged in and moved to the change password mask. Changed my password to something filling out the 12 character new password field. Logged out, and got the login mask again. With an eight character password field.

psx_crab@lemmy.zip 6 points 3 days ago* (last edited 3 days ago)

24 is fine, not as bad as 12 and no special character. That's honestly the worst one I've encountered.

My bank app doesn't allow copy paste so I can't have anything that long and hard to type, and they tend to request password login when transferring money.

sexy_peach@feddit.org 4 points 3 days ago

> In password security, the longer the better.

This is only true up to a certain point

Cris16228@lemmy.today 5 points 3 days ago

Explain please, I'm curious

baltakatei@sopuli.xyz 5 points 3 days ago* (last edited 3 days ago)

In my opinion, an acceptable password length should be L in ln(alphabetSize^L)/ln(2) = (B bits of entropy). For a Bech32 character set (since it excludes ambiguous characters), alphabetSize = 32. A good password should have between 96 and 256 bits of entropy, with 128 bits being my personal preference. This means L = (B)*ln(2)/ln(alphabetSize) = 128*ln(2)/ln(32) = 25.6 = 26 characters.

That's… pretty close to what OP said they were restricted to, so maybe the person who set the 24 character restriction used a similar methodology.

sanguinepar@lemmy.world 5 points 3 days ago

26 characters? Perfect!

abcdefghijklmnopqrstuvwxyz it is! And I'll use it for everything!

spankmonkey@lemmy.world 4 points 3 days ago

That's the combination to my luggage!

TrickDacy@lemmy.world 4 points 3 days ago

I had this problem with a fucking bank once. Even better are the sites that silently chop off characters after the internal limit, on the backend, but don't tell you or limit the characters on the frontend. I had a really fun time with that last scenario once, resetting my password over and over and having it never work until I decided to just try a shorter password.
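
The silent-truncation failure described in the comment above, next to a backend that rejects over-length input instead of cutting it. This is an added example, not code from the thread or from any site mentioned in it; the class names, the 24-character internal limit and the 256-character cap are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BACKEND_LIMIT = 24  # constructed internal limit, same number as in the post

def kdf(password, salt):
    # PBKDF2 from the standard library; the iteration count is a demo value
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

class TruncatingBackend:
    """Failure mode: the reset path cuts the input, the login path does not."""
    def __init__(self):
        self.users = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, kdf(password[:BACKEND_LIMIT], salt))  # silent cut

    def login(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, kdf(password, salt))  # full input

class StrictBackend(TruncatingBackend):
    """Hardened form: one generous limit, enforced loudly on every path."""
    MAX_LEN = 256  # assumption: large enough for any password manager

    def set_password(self, user, password):
        if len(password) > self.MAX_LEN:
            raise ValueError(f"password longer than {self.MAX_LEN} characters")
        salt = os.urandom(16)
        self.users[user] = (salt, kdf(password, salt))  # whole input is hashed

    def login(self, user, password):
        if user not in self.users or len(password) > self.MAX_LEN:
            return False
        return super().login(user, password)

def demo():
    long_pw = "correct-horse-battery-staple-and-more"  # constructed, 37 characters
    weak, strict = TruncatingBackend(), StrictBackend()
    weak.set_password("alice", long_pw)
    strict.set_password("alice", long_pw)
    return {
        "weak_full": weak.login("alice", long_pw),
        "weak_prefix": weak.login("alice", long_pw[:BACKEND_LIMIT]),
        "strict_full": strict.login("alice", long_pw),
        "strict_prefix": strict.login("alice", long_pw[:BACKEND_LIMIT]),
    }
```

With the truncating backend the full password fails and only its first 24 characters log in, which is the reset loop the comment describes. Because the strict backend hashes the whole input, the stored value has a fixed size whatever the password length.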

possiblylinux127@lemmy.zip 3 points 3 days ago* (last edited 3 days ago)

There is little point in having a long password. Online accounts don't have the same issues as encryption.

Edit: for those curious, here is my source https://cybersecuritynews.com/nist-rules-password-security/

My rationale is that online accounts typically don't get brute forced due to rate limiting and not protection. The NIST guidelines don't specify requirements for online accounts specifically but they do recommend a password of 16 characters in general. I don't really see any need to go above that as you are just making it harder on yourself.

Irelephant@lemm.ee 3 points 3 days ago

Assuming a breach, and hashes are released, it's significantly harder to brute-force a long password.

Some (a lot of) poorly set up websites may not even have a limit on password attempts, or cooldowns.

Crashumbc@lemmy.world 1 points 2 days ago

What's the point? No one is brute forcing a 12-15 password if the login system has ANY login attempt protection anyway.

This seems like one of the extreme overkill things...

Ledericas@lemm.ee 2 points 3 days ago

A game I played doesn't allow special characters or it's too long.

Rhaedas@fedia.io 4 points 3 days ago

At one point years ago my work finally caught up with the 21st century and allowed creation of passwords longer than the fixed 8 characters it had always been. So I said great, made up something that was around 12 or so that I could remember. Until I logged into some terminal legacy programs we were still using and wouldn't take that length. So yeah, I went back to 8 characters that wouldn't break things. They eventually migrated away from such old programs and longer passwords became mandatory since they'd work everywhere, but I thought it was funny that briefly I tried to do the right thing but IT hadn't thought out the whole picture yet.

fluckx@lemmy.world 4 points 3 days ago

You think that's infuriating? Imagine having an ISP that wants you to pick a password of max 8 characters.
