this post was submitted on 14 Jul 2023

0 points (50.0% liked)

Technology

77084 readers

2287 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

Passwords (lemmy.world)

submitted 2 years ago by 8tpercent@lemmy.world to c/technology@lemmy.world

26 comments fedilink hide all child comments

We've all been there.

top 26 comments

sorted by: hot top controversial new old

[–] mudmaniac@lemmy.world 1 points 2 years ago

For those wanting to play this as a game, there is this wonderfully fiendish website.

https://neal.fun/password-game/

Rule 13 Your password must include the current phase of the moon as an emoji.

[–] Affidavit@aussie.zone 1 points 2 years ago

Sorry, you must have a special character. Oh... Not THAT special character, it has to be a special special character, that one isn't valid. Ah, no, that one's too long. It should be shorter. It needs to be between 11 and 11.5 characters.

Half the time I now just enter random nonsense until it lets me create an account. Then, when I want to access a website/app again, I just 'forget' my password and reset it to some other random nonsense.

[–] lunaticneko@lemmy.ml 1 points 2 years ago

That password is already in use by user 'gigachad'.

[–] SevenDigitCode@lemmy.world 0 points 2 years ago (1 children)

My favorite, though, is:

types in password "Password incorrect" goes to reset password "please enter a new password" types in password "your new password cannot be the same"

[–] stephen01king@lemmy.zip 0 points 2 years ago (1 children)

That just means you entered it wrong the first time.

[–] stepone@lemmy.world 0 points 2 years ago (1 children)

It often means that one could have derived the correct password from the set of rules - but those rules are not shown when asking for the old password

[–] 5too@lemmy.world 1 points 2 years ago

Exactly this. I want to normalize showing the password requirements when you don't immediately get the password - if you made me jump through hoops the first time, at least remind me what they were!

[–] FluffyPotato@lemmy.world 0 points 2 years ago (1 children)

The worst one is when it only supports up to like 16 characters but doesn't tell you so it will only use the first 16 characters and ignore the rest. The next time you need to enter it and get the 64 character password from your password manager it will just say it incorrect and you're left with no idea on why it's wrong.

[–] dlok@lemmy.world 0 points 2 years ago (1 children)

Holy shit you might have just explained why I have to reset my password every time for a local fast food joints own website

[–] Doug@midwest.social 1 points 2 years ago

So secure even you don't know the password. It's like built in MFA.

[–] zeppo@lemmy.world 0 points 2 years ago (3 children)

“Sorry, that password is already in use” ruins it for me. That’s not a realistic message to receive.

Maybe “Your password cannot be one you’ve used previously”.

[–] nowwhatnapster@lemmy.world 1 points 2 years ago (1 children)

Should be: "your password cannot be one of your last 24 passwords"

[–] VindictiveJudge@lemmy.world 1 points 2 years ago

Especially for those places that want your password changed every two weeks.

[–] Buddahriffic@lemmy.world 1 points 2 years ago

It follows the vein of some of the password rules and feedback reducing security itself. Like why disallow any characters or set a maximum password length in double digits? If you're storing a hash of the password, the hash function can handle arbitrary length strings filled with arbitrary characters. They run on files, so even null characters need to work. If you do one hash on the client's side and another one on the server, then all the extra computational power needed for a ridiculously long password will be done by the client's computer.

And I bet at least one site has used the error message "that password is already in use by " before someone else in the dev team said, "hang on, what?".

[–] mrmanager@lemmy.today 0 points 2 years ago (1 children)

Should say by who. :)

[–] poplargrove@lemmy.world 1 points 2 years ago (1 children)

[–] mrmanager@lemmy.today 1 points 2 years ago

Now we are talking :)

[–] graphite@lemmy.world 0 points 2 years ago (1 children)

Password can't exceed 32 characters

Garbage

[–] Revan343@lemmy.ca 1 points 2 years ago

You think that's bad, a decade ago I had to use a government-run website that required passwords be exactly 8 characters

[–] average650@lemmy.world 0 points 2 years ago (1 children)

The worst part is that if they know that password is already in use.... then they aren't storing their passwords appropriately.

[–] teft@lemmy.world 1 points 2 years ago

You could store the passwords as hashes and just compare the hashed value.

[–] SpacedBear@lemmy.world 0 points 2 years ago (1 children)

Looks like someone's been playing the password game https://neal.fun/password-game/

[–] everythingsucks@lemmy.world 1 points 2 years ago

That game made me want to punch.

[–] complacent_jerboa@lemmy.world 0 points 2 years ago (1 children)

that password is already in use

lmao, "security" moment

[–] TORFdot0@lemmy.world 1 points 2 years ago (1 children)

Brute force user names instead of password. Big Brian moment

[–] complacent_jerboa@lemmy.world 1 points 2 years ago

Large Brian Moment, for real