this post was submitted on 17 Jul 2023
160 points (88.5% liked)

Programmer Humor

19471 readers
1282 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
top 30 comments
sorted by: hot top controversial new old
[–] [email protected] 16 points 1 year ago (2 children)

Nothing enrages me more than a password character limit. Thank you for making sure my password is LESS secure with your idiotic requirements based on security recommendations that are at least a decade old.

[–] Ambiorickx 6 points 1 year ago (3 children)

How about… an undisclosed character limit? We’ll just keep telling you your password is invalid until you figure out the max length.

[–] ericjmorey 4 points 1 year ago* (last edited 1 year ago) (1 children)

Fun fact, this is a feature of Lemmy:

  • Lemmy has an undisclosed password limit of 60 characters.
  • Lemmy's signup form will silently truncate passwords longer than 60 characters to 60 characters.
  • Lemmy's login form will crash when passwords longer than 60 characters are submitted.

Someone please submit a PR

[–] [email protected] 1 points 1 year ago

Just move to kbin.

[–] [email protected] 3 points 1 year ago (1 children)

Let the users enter as many characters as they want and silently crop the password to a few characters.

[–] [email protected] 2 points 1 year ago

I would give up before I figured that out and find some other service to use.

[–] [email protected] 1 points 1 year ago

banks using EXACTLY 8 character passwords 💀 (srsly)

[–] [email protected] 13 points 1 year ago (1 children)

Try this simple and fun game to practice your password creation skills :^) https://neal.fun/password-game/

[–] [email protected] 2 points 1 year ago

Convince me this isn’t just training someone’s pet algorithm the same way we’ve all been trained to accept training the CAPTCHAs.

WAKE UP COMPILERS (It is a fun game though)

[–] [email protected] 11 points 1 year ago (1 children)

My bank requires your password to contain NO vowels. I always forget when I update the password (forced to every 3 months) and the error never mentions it.

[–] [email protected] 7 points 1 year ago (2 children)

I'm struggling to think why this would be a thing. The only guess I have is someone was told to enforce "no dictionary words in a password" and saw that as an 'easier' way to implement?

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

One one hand it reduces the total # of characters needed to brute force which is bad. On the other hand, like you said, it makes it so dictionary attacks are weaker - which is good

Although I think you could just get a regular dictionary, remove the vowels, and it would probably work just fine

So ultimately? I think stupid decision

[–] [email protected] 10 points 1 year ago
[–] [email protected] 7 points 1 year ago (1 children)

I just use the KeePassXC password generator. :)

[–] Acetamide 5 points 1 year ago

Way too often I've had websites complain that the input password is too complex, and I have to dial down the settings.

[–] paddirn 7 points 1 year ago

I get so irrationally mad about passwords now, and then it’s like every 3 months, no matter what password phrase I come up with, with whatever non-sensual special characters and spaces added in, it’s compromised in some hack, so no matter how good your password is, they’ll just get it from the source anyways.

[–] ParadoxSeahorse 5 points 1 year ago (1 children)

And not in the user’s last X passwords! And doesn’t contain their name, address etc! And changes every X days!

Literally writing code to do this rn, even tho I pushed back with modern theories… IT security “experts” set policy using just enough knowledge to be dangerous

One of the banned words hardcoded previously was “monkey”, needless to say I am proud to carry on this tradition

[–] [email protected] 1 points 1 year ago
[–] [email protected] 4 points 1 year ago

Reminds me of “The Password Game” 😂

[–] [email protected] 4 points 1 year ago (1 children)

I've seen some sites grade passwords from weak to strong instead of using explicit rules, but I'm not sure exactly how they're graded. Probably some sort of entropy approximation.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (2 children)

Probably some sort of entropy approximation.

That's exactly what it is, and that is the correct way to do it.

All those ridiculous letter/case/symbol/number rules come from guidelines written by Bill Burr for NIST 20 years ago. He has since stated that he regrets them, and NIST has abandoned them. Because they're actually counterproductive to security.

[–] [email protected] 5 points 1 year ago

NIST has abandoned them

Would that my IT department had gotten the memo. They think NIST is god-tier, even when our own CS department is like... yeah, no. And personally, having worked with NIST researchers in fields that aren't IT policy, I wonder how good their IT policy docs really are. The whole organization is bureaucracy getting in the way of good science and common sense.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Yup. Hard to remember, easy to guess. ~~Isn't Bill Burr a comedian, though?~~ Different Burr.

[–] PriorProject 4 points 1 year ago (1 children)

Sorry, that password is already in use.

Who's using it? I'll just use that account.

[–] [email protected] 3 points 1 year ago

Just reset your username using your password

[–] [email protected] 1 points 1 year ago (1 children)

Creating a password is as easy as clicking generate in my password manager - y'all should use one too

[–] [email protected] 0 points 1 year ago (1 children)

This is the only way. Except some services don’t even accept those randomly generated ones. Only a slight inconvenience to add whatever special character they want or to trim the length.

[–] [email protected] 1 points 1 year ago

Inconvenience? More like incompetence… they should let me use æøéüôñ🍕&/ in my passphrase

load more comments
view more: next ›