No repeats??? Like, you cant have ‘aaaa123@’ as a password?
You’re just making it easier to brute force…
Comment on My password is not accepted because it is too long
UpperBroccoli@lemmy.blahaj.zone 1 day ago
We have a customer, a big international corporation, that has very specific rules for their intranet passwords:
- Must contain letters
- Must contain numbers
- Must contain special characters
- No repeats
- Passwords must be changed every two months
- Not the same password as any of the last seven
- PASSWORDS MUST BE EXACTLY EIGHT CHARACTERS LONG
I can only assume that whoever came up with these rules is either an especially demented BofH, or they have some really really weird legacy infrastructure to deal with.
OmegaLemmy@discuss.online 1 day ago
ILikeTraaaains@lemmy.world 1 day ago
Since the password has to be changed every two months, I would assume that it means no repeating previously used passwords.
TrippaSnippa@aussie.zone 1 day ago
It also says “must not be the same as any of the last seven passwords used” so I can only take “no repeats” to mean no repeated characters.
ILikeTraaaains@lemmy.world 1 day ago
You’re right, I didn’t noticed the 7 passwords line.
blacia@lemmy.blahaj.zone 1 day ago
I worked in IT for a big national company for a short time. Passwords rules were : at least 8 characters, at least one uppercase letter, at least one number, change password every 2/3 months and different than the 3 previous ones. Several workers had a post-it on the screen with the 4 passwords they use. One of them had name of child and year of birth, I don’t know if it was his children or his relatives’ children too.
drewcarreyfan@lemm.ee 1 day ago
I am a designer, but I once did a project with a very very major and recognizable tech corporation that, no joke, implemented an 8 character limit on passwords for storage reasons.
This company made in the tune of tens of billions of dollars per year, and they were penny-pinching on literal bytes of data.
I can’t say who it is, but their name begins with ‘M’ and ends in ‘cAfee.’
JackbyDev@programming.dev 1 day ago
If password length affects storage size then something has gone very wrong. They should be hashed, not encrypted or in plaintext.
Kissaki@feddit.org 1 day ago
Whoever the company is, we have to assume it’s not a security company. Because, surely, none of those would do that ever.