Public
- Public
- Groups
- Recent tags
- Popular
- Directory

Conversation:

Notices

Chimo (chimo)'s status on Wednesday, 19-Jul-2017 16:40:02 EDT Chimo
Remote profile options...

What kind of braindead password requirements are those?!

* "maximum of 12 characters"

* "must start with a letter"

* Symbol set limited to 11 different symbols

ffs, people… http://sn.chromic.org/attachment/328464

Wednesday, 19-Jul-2017 16:40:02 EDT from sn.chromic.org at 45°24'44"N 75°42'38"W permalink
- Joshua Judson Rosen repeated this.
- Joshua Judson Rosen (rozzin)'s status on Wednesday, 19-Jul-2017 20:12:39 EDT Joshua Judson Rosen
  - Chimo
  @chimo, I've dealt with systems like that; it often means that they're storing your password in cleartext and(!)/or interconnecting multiple systems that each failing to sanitize their inputs in at least one of those ways.
  
  Wednesday, 19-Jul-2017 20:12:39 EDT permalink
- Joshua Judson Rosen (rozzin)'s status on Wednesday, 19-Jul-2017 20:15:34 EDT Joshua Judson Rosen
  - Chimo
  @chimo for example, SSO sytems with an old #IRIX box somewhere in the mix can't enforce ">8-char passwords" and sometimes enforce "<=8".
  
  Wednesday, 19-Jul-2017 20:15:34 EDT permalink
- Joshua Judson Rosen (rozzin)'s status on Wednesday, 19-Jul-2017 20:32:22 EDT Joshua Judson Rosen
  - Chimo
  @chimo, "passwords must start with a letter" probably means "cleartext storage" + either "generating code + not sanitizing" or "using the wrong cmp operator". There have been many cases throughout computing history where "starts with a digit" meant "parses as numeric", for example.
  
  Wednesday, 19-Jul-2017 20:32:22 EDT permalink
- Chimo (chimo)'s status on Wednesday, 19-Jul-2017 21:00:57 EDT Chimo
  Remote profile options...
  - Joshua Judson Rosen
  @rozzin thanks for the insightful analysis. Depressing that we're still dealing with such systems even today.
  
  Wednesday, 19-Jul-2017 21:00:57 EDT permalink

Public

Conversation:

Notices

Feeds