you forgot that you can only use a selection of special characters from a pre approved list of 10.
Comment on My password is not accepted because it is too long
Buffalox@lemmy.world 3 weeks ago
Your password MUST contain big and small letters, and contain at least 1 number character and 1 spacial character, it MUST be 8 characters long, and it MUST be typed on a German Cherry keyboard between 8-9 PM, using ONLY 1 finger while blindfolded and listening to ABBA music.
This is because of something called entropy we never even read about so we have zero understanding of it.
Making all these possibilities OPTIONAL would actually make for safer passwords (higher entropy), as would using multiple words separated by spaces. Then only meaningful way to accept a password would be to test it against common bad passwords, and test the entropy to determine acceptable levels. There is no good reason a password couldn’t be 10 words and at least 127 characters. There is no way that should stress a properly designed modern system.
funkless_eck@sh.itjust.works 3 weeks ago
WanderingThoughts@europe.pub 3 weeks ago
Had that yesterday.
“Must use special characters!”
“Okay, no problem. Here you go.”
“Not that one! It’s too special!”
“Dude, I haven’t even touched extended ASCII yet.”
Trainguyrom@reddthat.com 3 weeks ago
A pre-approved list of 10 which THEY DON’T EVEN TELL YOU WHAT THEY ARE
0x0@lemmy.dbzer0.com 3 weeks ago
I love when there are so many rules that my first few randomly-generated passwords are rejected.
AA5B@lemmy.world 3 weeks ago
Even worse, when you can’t figure out why, or how to configure the generator, then end up having to type your own anyway
Irelephant@lemm.ee 3 weeks ago
genuinely, whats up with not being able to use spaces?
Buffalox@lemmy.world 3 weeks ago
I think it’s originally because of bad programming. It’s so incredibly stupid I don’t have words.
RedditRefugee69@lemmynsfw.com 3 weeks ago
I like the ones that just tell you your password strength.
Subtle shaming of bad passwords without giving bad actors hints as to what the minimum (and thus most likely) password is.
Kushan@lemmy.world 3 weeks ago
You have described all of the guidelines that NIST, Microsoft, GCHQ and a few other institutions now recommend for password security.
And yet I still have to have this argument with so-called security engineers and my favourite, compliance officers.
Buffalox@lemmy.world 3 weeks ago
Because they are morons that don’t understand entropy.
Requiring at least 1 number increases entropy less than simply allowing the use of numbers, and then recommending it.
But most password queries are lousy at describing what’s allowed when creating it, and they generally don’t describe it at all when you enter it for access.
The second part can be crucial for remembering exactly how the password was created, because what is now required, used to often not even be possible to use!