this post was submitted on 14 Jul 2023
1178 points (92.1% liked)

Technology

60058 readers
2047 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

We've all been there.

you are viewing a single comment's thread
view the rest of the comments
[–] eochaid@lemmy.world 34 points 1 year ago* (last edited 1 year ago) (4 children)

Sorry, that password is already in use

BIG red flag. Abort. Abort.

Also I love when they only support certain special characters. So the psuedo random noise created by my password generator won't work until I curate out the unsupported characters.

[–] dancing_umbra@lemm.ee 20 points 1 year ago (2 children)

I was changing my password on a pretty big company website the other day.

The password generated by my password manager kept giving me a http error (500 I think)

I generated a new password and deleted all the special characters other than the obvious ones. Boom, worked first time.

So looks like someone is not sanitising their inputs properly.

I sent them an email so hopefully they will fix.

[–] dandroid@dandroid.app 10 points 1 year ago (1 children)

I sent them an email so hopefully they will fix.

One can only hope. But based on my experience, they usually do not. I once sent an email to Microsoft telling them that their Microsoft account app had a vulnerability, and I even sent them the XML line they needed to add to their Android Manifest to fix it, and they wouldn't do it because it required physical access to the device to exploit. I mean, that's fair enough, but it was literally one line of code to plug the hole.

They eventually did add that line about 6 years later.

[–] dancing_umbra@lemm.ee 8 points 1 year ago (1 children)

It boggles sometimes.

I remember about 2015 (?) In the vicinity anyway, PayPal has a 12 character MAXIMUM on their passwords.

PayPal, you know the place where you can literally transfer all the money. A 12 character MAXIMUM

I emailed them to suggest they change this requirement. And they replied saying that 12 characters was sufficient if you used special characters and numbers.

Glad they have finally changed it now.

[–] KSPAtlas@sopuli.xyz 3 points 1 year ago (1 children)

My bank has an 8 character limit. Not minimum, limit

[–] Pumpkinbot@lemmy.world 6 points 1 year ago (1 children)

Password1'); DROP TABLE Passwords;--

[–] KairuByte@lemmy.world 1 points 1 year ago

Robert'); DROP TABLE Students;--

[–] pfannkuchen_gesicht@lemmy.one 8 points 1 year ago (1 children)

Funniest thing was when I registered on a website which parsed the \0 sequence and hence truncated the password in the background unbeknownst to me. This way you could circumvent the minimum length and creare a one character password.

Once I registered on a website. I used an auto generated password. Next time I tried to log in to the website I was confused that my stored password didn’t work. Requested to change the password, but I used the stored password again. To my surprise, it said the password must be different from the current one.

After a bit back and forth I finally figured it out. Apparently the site had a max length on the password. Any password longer than that is truncated. This truncation wasn’t applied in the login form. Only when creating a password.

[–] Doug@midwest.social 2 points 1 year ago

So is that maximum length

[–] Trapping5341@lemmy.world 1 points 1 year ago

I always just refresh the password until I get a random one without the characters the randomly choose to forbid 😂