Dear god
>>57140052
site?
>>57140073
this
what the fuck
why would you even tell the user
GG you just gave script kiddies a password library
>>57140052
Still better than other sites I've encountered
>your password must contain a lowercase letter, an uppercase letter, a number, a special character (+-*& only), no dictionary words, a space, the blood of your firstborn child, and must be between 6 and 7 characters long
>>57140073
>>57140092
No clue, but I know this was posted on the software gore subreddit a few days ago. They found it but the comments were deleted because rules.
>your password can't be longer than 14 characters
>>57140104
I don't see the issue.
>>57140052
>please input all your passwords here, we just wanna check if someone else uses the same
>for your security of course
kek
>>57140175
Easy to crack passwords for the site. You know that every password on the site has at least one of each of the given criteria and is either 6 or 7 characters, it really narrows shit down.
>>57140190
Oh yeah didn't read the "between 6 and 7 chars long". That's pretty stupid.
>password must be less than x characters
>>57140204
10 is enough though.
>>57140326
16 or more characters should be necessary
>>57140334
In a decade even 16 wont be enough
Every password setup must have timeouts after 3 failed attempts at the very least
>>57140204
Is there literally any reason for this? I don't think any relevant hashing algorithm from the past 10 years cares how large the input is. Are they even hashing their passwords if they do this?
>>57140363
>Every password setup must have timeouts after 3 failed attempts at the very least
That's not how compromised hashes work.
>tfw your bank limits your password to five characters and only numerals are allowed
Like what the actual fuck. My Reddit account has a stronger password than my online bank account.
>>57140455
>admitting to having a reddit account
That's pretty bad though, do they at least have some kind of protection against brute forcing?
>password is too similar to the previous password
How the fuck would it even know that?
>>57140092
>>57140052
You can do this with hashes as well dipshits
Not that it's a smart idea to do so.
>>57140907
Jesus christ you're proud of being a complete retard
>>57140907
No salt though.
Well at least it prevents more than one dipshit from picking 'password' or '123456'.
>>57141031
>>57140907
Can't forget the salt now, can we?
>>57140368
Some exec probably decided to limit password size to save money on disk space.
>>57141298
The point is, you're not supposed to save the passwords in plain text. You're supposed to save hashes, which always have the same length. So a maximum length for passwords is a pretty strong indicator that something's very very fucked.