564
Obscure password requirements (feddit.org)
submitted 3 weeks ago by cron@feddit.org to c/cybersecuritymemes@lemmy.world
108 comments fedilink hide all child comments

What is your favourite password rule?

you are viewing a single comment's thread
view the rest of the comments
[-] joeldebruijn@lemmy.ml 27 points 3 weeks ago* (last edited 3 weeks ago)

Got this site once stating "passwords can't contain parts of username" icw a 64 character pw.

And usenames like "daneelolivaw" block passwords with

da an ne ee el...

dan ane nee eel ...

dane anee neel.... etc in them

[-] lurch@sh.itjust.works 18 points 3 weeks ago

If I was a bad guy and saw this, I would look for users with many different charaters in long names and brute force them, because there's a high chance they just removed all characters in their names from the pool to generate a password, making it faster to go through the leftover combinations.

[-] Blue_Morpho@lemmy.world 7 points 3 weeks ago

Fine, the hacker can see I ordered vegetable vindaloo last Friday. There's no credit card information stored.

For banks, make your password requirements as hard as you want. For everyone else, I feel like the developers are LARPING as security professionals to make their boring job making web pages for local businesses interesting.

[-] Promethiel@lemmy.world 4 points 3 weeks ago

For everyone else, I feel like the developers are LARPING as security professionals to make their boring job making web pages for local businesses interesting.

Wdym my 128 bit password enabled, passkey preferred, https domaines, encryption-within-box standards-meeting secure emailing webserver powered WordPress website for my little kid's school PTA organization isn't a viable attack vector? Of course not, you see the web firewall...

[-] Trainguyrom@reddthat.com 2 points 3 weeks ago

Funny you should mention a firewall, a friend who works IT at the county shared how they had to unplug the 911 vendor's systems from theirs (killing 911 service for the county of course) because they hadn't updated their firewall for years. They informed the vendor "since you haven't done your due diligence in updating anything, we are unplugging this. You can figure out the legal ramifications for yourself" so the vendor then flew someone out the next day to update it all

[-] leisesprecher@feddit.org 4 points 3 weeks ago

That's absolutely understandable, since rdaneelolivaw would be the correct username.

[-] joeldebruijn@lemmy.ml 2 points 3 weeks ago

That's what my friend Giskard said. ๐Ÿ˜

[-] Tar_alcaran@sh.itjust.works 1 points 3 weeks ago

Always upvote Asimov!

this post was submitted on 25 Aug 2024
564 points (98.5% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world