this post was submitted on 25 Aug 2024
566 points (98.5% liked)
Cybersecurity - Memes
2015 readers
3 users here now
Only the hottest memes in Cybersecurity
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Maximum length is the biggest red flag to me and was the catalyst for me making the effort to switch to unique passwords per-account years ago. There's just so, so many shitty homerolled security systems out there... and data breaches seem to be a perennial problem these days.
There's just no excuse for limiting the length if you're doing security correctly (other than perhaps a large upper limit just to protect against someone DOSing the backend with a bunch of 100MB strings; 512 characters seems reasonable).
By setting an upper limit, you're basically saying one or more of these things:
arbitrary_list_of_bs
My senior project for uni was replacing the professor's friend's website. We had a meeting to gather requirements, have him demo the site as different kinds of users, etc. Dude said "Hold on a sec" and went to a page with all accounts and their passwords listed. Was like, dude, the hell