Yeah! Why can’t I use a base64 representation of a pirated 4k TS copy of Jon Favreau’s “Chef” as my password? /s
Jokes aside, I’ve heard some hashing algorithms have a high cap of like 20 characters, so developers are probably just too lazy to switch them out or to read the docs on how to properly use said algorithms. Either way it’s a very bad sign, maybe just a tad better than them emailing you the password in cleartext.
The worst I have seen recently is one with an eight character limit and support for only four specific special characters. I didn’t test if it was cap sensitive but it wouldn’t shock me if it was not. It is the invoicing portal for one of my clients. I wish that was the only technical atrocity committed by that abomination…it is not.
My bank used to require internet banking passwords to be exactly 6 alphanumeric characters. Turned out that the reason for that was that they used the same password for internet and phone banking, and by implication the passwords were actually just 6 numbers.
Yeah! Why can’t I use a base64 representation of a pirated 4k TS copy of Jon Favreau’s “Chef” as my password? /s
Jokes aside, I’ve heard some hashing algorithms have a high cap of like 20 characters, so developers are probably just too lazy to switch them out or to read the docs on how to properly use said algorithms. Either way it’s a very bad sign, maybe just a tad better than them emailing you the password in cleartext.
The worst I have seen recently is one with an eight character limit and support for only four specific special characters. I didn’t test if it was cap sensitive but it wouldn’t shock me if it was not. It is the invoicing portal for one of my clients. I wish that was the only technical atrocity committed by that abomination…it is not.
My bank used to require internet banking passwords to be exactly 6 alphanumeric characters. Turned out that the reason for that was that they used the same password for internet and phone banking, and by implication the passwords were actually just 6 numbers.
This was in the 2010s, mind you.
My work only recently did away with the requirement for passwords to be exactly 8 characters. This was due to the use of legacy mainframes afaik.