564
Obscure password requirements (feddit.org)
submitted 3 weeks ago by cron@feddit.org to c/cybersecuritymemes@lemmy.world
108 comments fedilink hide all child comments

What is your favourite password rule?

you are viewing a single comment's thread
view the rest of the comments
[-] bleistift2@sopuli.xyz 25 points 3 weeks ago

As a website developer, it’s easy to just use the 'maxlength' attribute on fields you don’t want to exceed a certain length (for valid reasons or not). But then exactly this happens: A user pastes something in there, doesn’t notice that their input got truncated, and something, somewhere breaks.

'maxlength' is terrible user experience.

[-] Ephera@lemmy.ml 13 points 3 weeks ago

Yeah, thinking about it now, I could've probably tried removing the maxlength attribute to see if the server accepts the longer password.

[-] Tar_alcaran@sh.itjust.works 10 points 3 weeks ago

That doesn't sound like it should work, but probably would..

[-] Lifter@discuss.tchncs.de 8 points 3 weeks ago

That wouldn't have been (as much of) a problem if the initial password form also truncated the input. The mismatch is the problem.

[-] bleistift2@sopuli.xyz 6 points 3 weeks ago

Let’s say “you wouldn’t have noticed there was a problem if there was no mismatch”. But then a few years later that max length gets dropped or increased and suddenly your password, which has always worked, isn’t accepted anymore, because now you’re pasting 2 extra characters.

I was also not talking about password fields, exclusively. Pasting stuff like customer identifiers or zipcodes into maxlength’d fields also begs for surprises, especially when you can’t see the whole input when you’re done with it.

[-] MystikIncarnate@lemmy.ca 0 points 3 weeks ago

I understand why stored information, such as passwords, usernames, stuff like that, has to have a max character count.

What I don't get is why so many people are so daft as to let stuff like this happen, and not even put the maximum password length anywhere people can obviously see it.

If you tell me what the maximum limit is, I'll be able to keep my password shorter than that.

But no.... Password minimum length is shown, symbols, numbers and special character requirements are plainly stated. Maximums? Ha.

this post was submitted on 25 Aug 2024
564 points (98.5% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world