Public
- Public
- Groups
- Recent tags
- Popular
- Directory

Conversation:

Notices

Chimo (chimo)'s status on Wednesday, 19-Jul-2017 16:40:02 EDT Chimo
Remote profile options...

What kind of braindead password requirements are those?!

* "maximum of 12 characters"

* "must start with a letter"

* Symbol set limited to 11 different symbols

ffs, people… http://sn.chromic.org/attachment/328464

Wednesday, 19-Jul-2017 16:40:02 EDT from sn.chromic.org at 45°25'15"N 75°41'24"W permalink
1. Joshua Judson Rosen (rozzin)'s status on Wednesday, 19-Jul-2017 20:12:39 EDT Joshua Judson Rosen
  Remote profile options...
  
  @chimo, I've dealt with systems like that; it often means that they're storing your password in cleartext and(!)/or interconnecting multiple systems that each failing to sanitize their inputs in at least one of those ways.
  
  Wednesday, 19-Jul-2017 20:12:39 EDT from status.hackerposse.com permalink
  1. Joshua Judson Rosen (rozzin)'s status on Wednesday, 19-Jul-2017 20:15:34 EDT Joshua Judson Rosen
    Remote profile options...
    
    @chimo for example, SSO sytems with an old #IRIX box somewhere in the mix can't enforce ">8-char passwords" and sometimes enforce "<=8".
    
    Wednesday, 19-Jul-2017 20:15:34 EDT from status.hackerposse.com permalink
2. Joshua Judson Rosen (rozzin)'s status on Wednesday, 19-Jul-2017 20:32:22 EDT Joshua Judson Rosen
  Remote profile options...
  
  @chimo, "passwords must start with a letter" probably means "cleartext storage" + either "generating code + not sanitizing" or "using the wrong cmp operator". There have been many cases throughout computing history where "starts with a digit" meant "parses as numeric", for example.
  
  Wednesday, 19-Jul-2017 20:32:22 EDT from status.hackerposse.com permalink

Public

Conversation:

Notices

Feeds