Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Please create a non-secure password.

⁨334⁩ ⁨likes⁩

Submitted ⁨⁨4⁩ ⁨months⁩ ago⁩ by ⁨FlyingSquid@lemmy.world⁩ to ⁨mildlyinfuriating@lemmy.world⁩

https://lemmy.world/pictrs/image/dfe6483a-c73e-47be-b173-1be6bad4cd21.png

source

Comments

Sort:hotnewtop
  • Rhynoplaz@lemmy.world ⁨4⁩ ⁨months⁩ ago

    “Your selected password is already being used by SwiftyFan05. Please choose another password.”

    source
    • Agent641@lemmy.world ⁨4⁩ ⁨months⁩ ago

      another_password

      source
  • m_f@midwest.social ⁨4⁩ ⁨months⁩ ago

    Somebody isn’t sanitizing their inputs properly. Like putting a bandaid on a heart attack

    source
    • scrubbles@poptalk.scrubbles.tech ⁨4⁩ ⁨months⁩ ago

      Whenever I see something like this I just laugh because you’re exactly right. Something isn’t being handled properly and their dev team just proved they don’t know how to do some basic handling. Every API library in JS and restful API I know of handle special characters. If they wanted they could base64 encode it over the wire. Then you’re exactly right, if the database “can’t handle it” more than likely it’s a home spun database connection where they’re serializing it themselves (which even then this is solvable), but even then that proves that they make poor choices.

      source
      • doeknius_gloek@discuss.tchncs.de ⁨4⁩ ⁨months⁩ ago

        if the database “can’t handle it” […] that proves that they make poor choices.

        Exactly, the database should never even have to handle the password in it’s original form and hashing algorithms don’t care about hashing special characters.

        source
      • SnotFlickerman@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

        This is like when I was in my twenties working at a crappy grocery store with a MoneyGram inside of it. I live in Washington state, and at the time, if your last name was less than five characters, you would have asterisk’s in your license number. The MoneyGram system wanted people’s license numbers but was unable to recognize a license with an asterisk. It happened pretty rarely, but it always happened to people whose last names were four characters or less long. Five letters in your last name and you were gold.

        Anyway, Washington changed how it generates license numbers so its a moot point anyway but I don’t think MoneyGram ever spent a dime to fix this since it only affected a small number of people in one US state.

        source
        • -> View More Comments
      • OmegaLemmy@discuss.online ⁨4⁩ ⁨months⁩ ago

        Sometimes I wonder if I’m even fit for employment as a developer and then I see shit like this where I wonder who and what happened for this to even become an option?

        source
        • -> View More Comments
      • dual_sport_dork@lemmy.world ⁨4⁩ ⁨months⁩ ago

        Seems to be they’re dropping the passwords in the database in plain text, but they’re deathly afraid that someone will drop a '; in there or something and the insert will break.

        Notwithstanding that storing passwords in plain text is a slapping with the 10 foot rubber chicken, but mysqli_real_escape_string() or any number of other similar solutions are indeed a thing that exists. A prepared statement would work, too.

        source
        • -> View More Comments
    • Knossos@lemmy.world ⁨4⁩ ⁨months⁩ ago

      imgs.xkcd.com/comics/exploits_of_a_mom.png

      😂

      source
    • friend_of_satan@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Which is ridiculous because it’s going to hash down to the same character set. There’s no way they’re storing your password with special characters unhashed, right?

      source
      • m_f@midwest.social ⁨4⁩ ⁨months⁩ ago

        One can hope 🤞

        source
  • donuts@lemmy.world ⁨4⁩ ⁨months⁩ ago

    Lol I recently have found the opposite!

    Image

    source
    • groet@feddit.org ⁨4⁩ ⁨months⁩ ago

      Might be a minimum of 16 chars. Or the parsing is broken and treats the ’ as the end of the password

      source
      • teletext@reddthat.com ⁨4⁩ ⁨months⁩ ago
        [deleted]
        source
        • -> View More Comments
    • TheTechnician27@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Fandom is gross anyway. Contributing to independent wikis is a much better use of your time. getindie.wiki

      source
      • donuts@lemmy.world ⁨4⁩ ⁨months⁩ ago

        It’s not Fandom

        source
  • slazer2au@lemmy.world ⁨4⁩ ⁨months⁩ ago

    they don’t specify a limit so 64 character password it is.

    source
    • orclev@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Go all in, 1024 character password.

      source
      • SanctimoniousApe@lemmings.world ⁨4⁩ ⁨months⁩ ago

        They’ll accept it, but won’t tell you they ignored everything after character n, and their login page won’t take anything but the “correct” password so you’ll be spending some time figuring out the actual character count limit…

        source
        • -> View More Comments
      • frezik@midwest.social ⁨4⁩ ⁨months⁩ ago

        Bcrypt/Scrypt have a 72 byte limit. Developers can get around that by putting it through a regular hash first, but that’s not common.

        source
    • stevedice@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

      My previous bank forced 8 characters with only numbers and letters.

      source
  • miss_demeanour@lemmy.dbzer0.com ⁨4⁩ ⁨months⁩ ago

    Hunter2

    source
    • cm0002@lemmy.world ⁨4⁩ ⁨months⁩ ago

      I don’t get it, why did you type all asterisks‽

      source
      • Bazoogle@lemmy.world ⁨4⁩ ⁨months⁩ ago

        What’s not to get? He made his password 7 asterisks. Funny, because it’s the same as mine.

        source
        • -> View More Comments
  • SnotFlickerman@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

    A great place for correcthorsebatterystaple, which is technically a very strong password.

    source
    • Whats_your_reasoning@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Some months back, there was a thread here on Lemmy where people were discussing western names written using Chinese characters. Phonetically, the names will sound alike. But meaning-wise, the characters will result in a Correct Horse Battery Staple-esque string of words.

      Which is why I have since decided to make passwords by typing random names into a Chinese name generator and using the English translated result.

      Sounds like a lot of work, but the way I see it, trying to think of new passwords is always work so I might as well have fun with it.

      source
  • cley_faye@lemmy.world ⁨4⁩ ⁨months⁩ ago

    64 characters picked at random in [a-zA-Z0-9_] is perfectly fine if password is your only option. Special character do not increase significantly the difficulty of bruteforcing it, but introduce the risk of having to manually type "}à.å÷Â!!ç-×ô@¸Á¢±ãÕß>>úÓ}¼º¤«<_àÅû§Æ]*ÂñçÌÿ§à®&ܱ=Ú-´ð¹é$.>=;Ö` if something goes catastrophically wrong.

    source
    • Duke_Nukem_1990@feddit.org ⁨4⁩ ⁨months⁩ ago

      Not being allowed to use special characters can be a sign of the website saving your password in plain text.

      source
      • cley_faye@lemmy.world ⁨4⁩ ⁨months⁩ ago

        It can be. Or it can be someone that had to deal with users (or was trained about it) and is limiting the chances of a user being kept out because they type something that looks like their password but isn’t, and then have to go to support.

        source
  • Buffalox@lemmy.world ⁨4⁩ ⁨months⁩ ago

    Yes because if you choose 8 characters at random, with 25 small + 25 big letters and 10 numeric, it* only 60^8 = 167,961,600,000,000 combinations.
    I think the problem is more if the system allow brute force with thousands of erroneous attempts.
    I never got the frantic entropy mindset, when the problem is much simpler to not allow endless attempts. You can allow 50 attempts, and chances would be very slim to guess even pretty moronic passwords.

    source
    • stevedice@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

      Most websites don’t allow multiple failed logins and, even if they did, the network latency alone would make brute force attacks useless. The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes. Having different passwords for every website also protects against this so, as usual, the answer is “just use a password manager”.

      source
      • purplemonkeymad@programming.dev ⁨4⁩ ⁨months⁩ ago

        The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes.

        I don’t think you need to worry about that in this case, the special character restriction suggests to me that they don’t hash it.

        source
      • Buffalox@lemmy.world ⁨4⁩ ⁨months⁩ ago

        The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes.

        Seems a bit stupid if a database of passwords or other sensitive information can be brute forced.

        source
        • -> View More Comments
      • Buffalox@lemmy.world ⁨4⁩ ⁨months⁩ ago

        just use a password manager

        I will never do that, I have a system instead. I never understood why people would want to use a password manager. To me it seems it ads an attack vector, where you could lose EVERYTHING!

        source
        • -> View More Comments
    • SwordInStone@lemmy.world ⁨4⁩ ⁨months⁩ ago

      what’s an example of password that can be guessed by logic?

      source
      • Buffalox@lemmy.world ⁨4⁩ ⁨months⁩ ago

        Something that can possibly be deduced, like a birth date.

        source
      • Rolder@reddthat.com ⁨4⁩ ⁨months⁩ ago

        hunter2

        source
  • ted@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

    Try this one, has lots of special characters: a_a_a_a_a_a_a_a

    source
    • stevedice@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

      This one too: _____________

      source
      • TriflingToad@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        or the entirety of the Bible with special characters removed and spaces replaced with underscores

        source
  • cupcakezealot@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

    “for best results, your password should be the street you grew up on or your favourite book”

    source
  • expatriado@lemmy.world ⁨4⁩ ⁨months⁩ ago

    recently did one that only cared about being very long, so i typed thispasswordisfuckinglong and it took it

    source
  • squid_slime@lemm.ee ⁨4⁩ ⁨months⁩ ago

    I hate these arbitrary limitations of 16 characters, 25 is unbreakable and some sites won’t slow it.

    source
  • possiblylinux127@lemmy.zip ⁨4⁩ ⁨months⁩ ago

    Use a password manager

    source
  • chuckleslord@lemmy.world ⁨4⁩ ⁨months⁩ ago

    I mean, 63^6 is a lot of possibilities, but just make the password longer to increase its security.

    Blocking out special characters is dumb, but as others have pointed out, they’re probably not sanitizing inputs.

    source
  • stupidcasey@lemmy.world ⁨4⁩ ⁨months⁩ ago

    Ah, I’ve done that before, 1/100 odds it’s because someone doesn’t want to fuck with RegEx.

    source
  • sntx@lemm.ee ⁨4⁩ ⁨months⁩ ago

    You might want to try out: libraryofbabel.info/random.cgi

    source
  • random_character_a@lemmy.world ⁨4⁩ ⁨months⁩ ago

    It sed NO special characters!

    Image

    source