Thread replies: 30
Thread images: 3
Thread images: 3
File: 1267749050300.png (19KB, 344x326px) Image search:
[Google]
19KB, 344x326px
>The login password is too long (at most 20 characters long)
>>
>>60154287
just kill yourself
>>
>>60154287
That's bad. Not as bad as
>The password must be 8-16 characters long. It must include a lowercase, uppercase, and a number.
This is from a fucking bank. A fucking bank, man. This should be illegal.
>>
This is why a thing anyway?
Database limits?
>>
>>60154287
And this probably means that they have a password varchar(20) field for storing plaintext password. Absolute bastards.
>>
File: metal-gear-alert.jpg (20KB, 600x600px) Image search:
[Google]
20KB, 600x600px
>this password is already in use by another user
>>
>>60156274
>It must include a lowercase, uppercase, and a number.
Change that to a lowercase or uppercase or number.
If its possible they are or aren't present... they have to try them all!
Bawsss
That 8-16 characters shit is fked tho. It's usually because of some integrated solution they use
>>
>>60156296
Bad coding. And then they build a whole infrastructure on the bad code.
A website should not even store your password. But create for example a 256 char salted hash of it.
>>
The worst thing is even big names like PayPal and Microsoft do it.
>>
>>60156274
The last copy of a working COBOL compiler for their mainframe got lost in 1995.
>>
>>60154287
Why would you use longer than 10-16 characters on anything that isn't directly related to your finances? If it's related to your finances, then switch to a service that doesn't suck.
>>
>>60156528
Pass phrases can be more secure and easier to remember.
whyamitypINGApasswordhere:3
>>
>>60156542
Anything longer than 16 is pointless. You do not gain additional security by doing that. Also, you should be using a password manager you fucking pleb.
>>
>>60156563
I often forget passwords that dont fit in a phrase format.
And I do use a password manager but I also want to remember what I can. Especially when you might have to type it in on multiple computers its a pain if your password is entirely gibberish.
>>
>>60156563
>Anything longer than 16 is pointless. You do not gain additional security by doing that.
That's just plain wrong.
>>
>>60156588
>That's just plain wrong
No it isn't. In order to brute force a randomly generated 16 character password would take 23548957514773044645945 password attempts per second for 50 years straight. Even Snowden's estimates put the government's password cracking abilities at around 1000000000000/second which is significantly less.
>>
>>60156619
So? You think there's no reason to future proof your passwords against better attacks?
We have exponential growth of computing power.
Saying that with current computing power it's unlikly is mind boggling.
>>
>>60156619
In reality you then get passwords like
passwordpassword
>>
>>60156634
Just like those companies where you have to change your password every 3 months. Then you get shit like:
summer2016
fall2016
winter2016
spring2017
Or
husband1
husband2
husband3
>>
>>60156630
>We have exponential growth of computing power.
That hasn't been true for years. I don't know why people keep spreadign this lie. The fact is that it takes 23.5 million times more computing power than the government is estimated to have available by the highest reasonable estimates. Most likely, the government does not have the full 1,000,000,000,000/s hashing power like Snowden said.
>>
>>60156634
I said randomly generated passwords. That is what password managers are for. Almost everyone uses password managers in my work place.
>>
>>60156687
So what is the advantage of limiting a password to 16 characters?
>>
>>60156719
Easier to type it in manually if needed. Like I was saying before, it really depends on what I am securing. If it's related to my finances, I'll use a longer password (32+). But the less important it is, the easier I want it to be to type in the password manually if I need to. If computing technology advances enough, I'll upgrade my password security also.
>>
>>60156619
b-but what if you use a botnet to network-crunch hashes on a block based distribution? 50 years in only 1
>>
>password input gets cut off at 20 chars without any indiciation
fucking paypal
>>
>>60154287
My bank has a fucking 6 character limit on passwords
>>
>not using the same easy to type and remember password on all sites and two-step verification
>>
File: 1454897517948.jpg (13KB, 526x526px) Image search:
[Google]
13KB, 526x526px
>>60156348
>visist website after X years
>can't remember password
>click 'forgot passsowrd'
>they send you your password via email
REEEEEEEEEEEEEEEEEEEEEEEE
WHY IS THIS ALLOWED??
>>
>>60157060
HAHAHAHAH
>>
>>60154287
>>60156274
Easy. Just tell your password manager to make the generated passwords match those rules.
Thread posts: 30
Thread images: 3
Thread images: 3