you forgot that you can only use a selection of special characters from a pre approved list of 10.
Comment on My password is not accepted because it is too long
Buffalox@lemmy.world 1 month ago
Your password MUST contain big and small letters, and contain at least 1 number character and 1 spacial character, it MUST be 8 characters long, and it MUST be typed on a German Cherry keyboard between 8-9 PM, using ONLY 1 finger while blindfolded and listening to ABBA music.
This is because of something called entropy we never even read about so we have zero understanding of it.
Making all these possibilities OPTIONAL would actually make for safer passwords (higher entropy), as would using multiple words separated by spaces. Then only meaningful way to accept a password would be to test it against common bad passwords, and test the entropy to determine acceptable levels. There is no good reason a password couldn’t be 10 words and at least 127 characters. There is no way that should stress a properly designed modern system.
funkless_eck@sh.itjust.works 1 month ago
WanderingThoughts@europe.pub 1 month ago
Had that yesterday.
“Must use special characters!”
“Okay, no problem. Here you go.”
“Not that one! It’s too special!”
“Dude, I haven’t even touched extended ASCII yet.”
Trainguyrom@reddthat.com 1 month ago
A pre-approved list of 10 which THEY DON’T EVEN TELL YOU WHAT THEY ARE
0x0@lemmy.dbzer0.com 1 month ago
I love when there are so many rules that my first few randomly-generated passwords are rejected.
AA5B@lemmy.world 1 month ago
Even worse, when you can’t figure out why, or how to configure the generator, then end up having to type your own anyway
Irelephant@lemm.ee 1 month ago
genuinely, whats up with not being able to use spaces?
Buffalox@lemmy.world 1 month ago
I think it’s originally because of bad programming. It’s so incredibly stupid I don’t have words.
RedditRefugee69@lemmynsfw.com 1 month ago
I like the ones that just tell you your password strength.
Subtle shaming of bad passwords without giving bad actors hints as to what the minimum (and thus most likely) password is.
Kushan@lemmy.world 1 month ago
You have described all of the guidelines that NIST, Microsoft, GCHQ and a few other institutions now recommend for password security.
And yet I still have to have this argument with so-called security engineers and my favourite, compliance officers.
Buffalox@lemmy.world 1 month ago
Because they are morons that don’t understand entropy.
Requiring at least 1 number increases entropy less than simply allowing the use of numbers, and then recommending it.
But most password queries are lousy at describing what’s allowed when creating it, and they generally don’t describe it at all when you enter it for access.
The second part can be crucial for remembering exactly how the password was created, because what is now required, used to often not even be possible to use!