this post was submitted on 18 Aug 2024
847 points (98.8% liked)

Cybersecurity - Memes

1993 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
847
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/cybersecuritymemes
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[–] faltryka 142 points 3 months ago (36 children)

This is my biggest pet peeve. Password policies are largely mired in inaccurate conventional wisdom, even though we have good guidance docs from NIST on this.

Frustrating poor policy configs aside, this max length is a huge red flag, basically they are admitting that they store your password in plan text and aren’t hashing like they should be.

If a company tells you your password has a maximum length, they are untrustable with anything important.

load more comments (33 replies)