Cybersecurity - Memes

2015 readers

2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

848

Password length requirement (feddit.org)

submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/cybersecuritymemes

171 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 33 points 4 months ago (17 children)

worst i've seen is 8 characters. precisely 8 characters, no more no less........ it was for a bank ....

[–] [email protected] 16 points 4 months ago (5 children)

A major US bank that I used to use has case insensitive passwords, found that out one day when I noticed caps lock was on after logging in with no trouble

[–] [email protected] 12 points 4 months ago (4 children)

Makes you wonder if they store the password in plain text, or convert to lower key during your first input so it's at least hashed. I wouldn't be surprised if it's not.

[–] JustAnotherRando 4 points 4 months ago* (last edited 4 months ago)

I don't think it could be hashed if it is case insensitive. It's fairly early so I may be misremembering but I'm not aware of any hashing algo that ignores case.

Edit: Ah, actually they could be storing the password as a hash, but they would probably have to do like a password. ToLower() call or something where they morphed the string before checking... The thought of which just makes me shudder.

load more comments (3 replies)

load more comments (14 replies)