this post was submitted on 02 Mar 2024
351 points (100.0% liked)

tails: A Place for Mastodon Posts

328 readers
1 users here now

A virtual community

Posts from Mastodon users, featured natively in a community, so you can view them without the need for them to be re-hosted or screenshoted, and reply to the original author and Mastodon respondents if you wish.

Has so far included content from Warsandpeas, Mr. Lovenstein, SMBC, Loading Artist, Low Quality Facts, nixCraft, ElleGray, and other interesting or provocative stuff I've random'd across on Mastodon.


Supported:
Comments & Upvotes
Unsupported:
Posts, Downvotes, & PD's Automod

founded 11 months ago
MODERATORS
 

(title added by mod for lemmy community)


(Originally published earlier today on thecanadian.social)

you are viewing a single comment's thread
view the rest of the comments
[–] Downcount@lemmy.world 28 points 9 months ago (3 children)

It could have cost them nothing to increase the laughable 6 chars minimum limit.

[–] bappity@lemmy.world 34 points 9 months ago (4 children)

I suppose at least it doesn’t have a maximum chars limit. I’m always dumbfounded and pissed off at sites that have those

[–] Downcount@lemmy.world 29 points 9 months ago (3 children)

I found sites with max characters of 8.

OF EIGHT!

[–] jodanlime@midwest.social 11 points 9 months ago

I’m pretty sure there’s some old mainframe that doesn’t support more than 8, maybe older AS400 or something like that. Could be the reason.

[–] bappity@lemmy.world 5 points 9 months ago
[–] Anticorp@lemmy.world 18 points 9 months ago (1 children)

US government sites are the worst about this. They’ll have some arbitrary set of rules like

  1. Must be exactly 6 characters
  2. Must use a letter, a special character, and an Egyptian hieroglyph
  3. Must not use the characters *(/2€÷
  4. Must use exactly one of the following characters _6]>
  5. Must start with a number and end with a vowel

Like, dude… These are sites that have ALL of your information, and they’re managed by complete idiots.

[–] Empricorn@feddit.nl 4 points 9 months ago (1 children)

No one with a bowel should be trusted with your password.

[–] Anticorp@lemmy.world 2 points 9 months ago

Bah, autocorrect. It was supposed to say “vowel”.

[–] 0110010001100010@lemmy.world 17 points 9 months ago (2 children)

It’s even worse when you have one that doesn’t tell you there is a max and just randomly truncates after a specific number of characters. I can’t remember which site did that to me recently. I had to reset my password like 4 times before I figured WTF was going on.

[–] bappity@lemmy.world 6 points 9 months ago (1 children)
[–] Spiralvortexisalie@lemmy.world 2 points 9 months ago

It feels like something more from a decade or two ago then now, but my pet peeve was when websites would merge or link and now your suddenly too long password only works for some of the portals or cause various issues. Iirc correctly the hashes would be equivalent regardless of length making the maximum limitation/truncation even more infuriating.

[–] Pringles@lemm.ee 2 points 9 months ago

I have that with a newspaper subscription. Password needs to be 16 characters or less, but it allows you to set it, it just doesn’t work. Every time I need to change it I forget about that and have a new randomly generated 20+ character password, only to once again become frustrated with not being able to log in. I want to strangle the idiot that came up with this madness.

[–] JackGreenEarth@lemm.ee 4 points 9 months ago

Android has one of those. It’s really annoying that my own device, which blocks me from accessing files the name of security, doesn’t allow me to have a stronger length password. And no, I can’t install a custom ROM or root my phone, as my manafacturer thought me having root access to the device I own is ‘insecure’. But apparently having a short password isn’t.

[–] michael_palmer@lemmy.sdf.org 7 points 9 months ago

Microsoft didn’t allow setting a password longer than 16 characters until 2019, I think.

[–] JustUseMint@lemmy.world 1 points 9 months ago (1 children)

Seriously even pci requires 12 min and that’s still a joke

[–] XTornado@lemmy.ml 3 points 9 months ago (1 children)
[–] JustUseMint@lemmy.world 1 points 9 months ago (1 children)

According to black hills infosec yes it is. They are calling for a 15 character bare minimum, with an emphasis on 20+. They routinely crack 12 character passwords fairly quickly.

[–] XTornado@lemmy.ml 1 points 9 months ago