Comment on Please pick a password starting with ad and ending with min
Eiri@lemmy.world 3 months ago
You remind me of my bank about 17 years ago. Everyone had to have a 10-character password, exactly, and it had to include exactly 2 numbers and 1 symbol. I wasn’t very knowledgeable about computers at the time and it already felt dumb.
17 years ago, jeez. My credit union’s website is like that. Only it’s between 8-12 characters. No more, no less.
It’s terrifying.
At that time my bank allowed up to 6 digits as a password. I kid you not, like a card PIN but for online banking login. I believe the whole banking security relies on their back offices still running on paper.
That’s what my current bank uses for the web portal now that I think of it. Client number, and 6-number PIN. I guess they’re only doing this because they really trust their “unusual activity” protocols, but I’ve got a feeling they really shouldn’t only rely on those.
Wogi@lemmy.world 3 months ago
A few years ago my ISP pushed an update to my router that changed the password requirements, invalidating my passwords. Because I couldn’t enter the old password I also couldn’t change the password. I had to do a factory reset.
JackbyDev@programming.dev 3 months ago
Feels odd to check the password requirements on the enter password screen in addition to the new password screen.
silasmariner@programming.dev 3 months ago
Might be checking the old password on the new password screen. Easy programming mistake to make I guess? Apply the same validation to all 3 password fields…
JackbyDev@programming.dev 3 months ago
Ahhh, good catch! You are probably a master of code reviews and QA!
Eiri@lemmy.world 3 months ago
Wow that’s a big oops
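The mistake guessed at in the comments above, sketched as an added example (not code from the thread or from any ISP's firmware): a change-password handler that runs the new policy over all three fields locks out anyone whose existing password predates the policy. The policy regex, the `Account` class and the sample passwords are constructed for illustration.

```python
import hashlib, hmac, os, re

# Hypothetical new policy pushed by an update: 12+ chars, a digit, a symbol.
NEW_POLICY = re.compile(r"(?=.*\d)(?=.*[^A-Za-z0-9]).{12,}")

def meets_policy(password):
    return NEW_POLICY.fullmatch(password) is not None

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Minimal credential store; passwords set earlier are not re-validated."""
    def __init__(self, password):
        self.set_password(password)
    def set_password(self, password):
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)
    def verify(self, password):
        return hmac.compare_digest(self.digest, _hash(password, self.salt))

def change_password_buggy(account, current, new, confirm):
    # Bug: one validator applied to every field, so a legitimate current
    # password that predates the policy is rejected before it is verified.
    for field in (current, new, confirm):
        if not meets_policy(field):
            return "rejected: password does not meet requirements"
    if not account.verify(current):
        return "rejected: wrong current password"
    if new != confirm:
        return "rejected: confirmation mismatch"
    account.set_password(new)
    return "ok"

def change_password_fixed(account, current, new, confirm):
    # The current password is only compared against the stored hash;
    # the policy applies to the password being set, nothing else.
    if not account.verify(current):
        return "rejected: wrong current password"
    if new != confirm:
        return "rejected: confirmation mismatch"
    if not meets_policy(new):
        return "rejected: password does not meet requirements"
    account.set_password(new)
    return "ok"
```
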
Glitterbomb@lemmy.world 3 months ago
ISP worker here. Our chosen routers default to an 8-digit password, the first 4 are the last 4 of the MAC in hex, which anyone can easily see being broadcast by the Wi-Fi network. The last 4 are a part of a unique serial number, but it’s just 0-9. Ultimately, if you try to brute force this default password, you need 10000 tries. It takes a regular GPU 2 minutes with hashcat. It baffles my mind that companies think this is OK.