• Michael R (unregistered)

    Fr!5tm3n0w

  • (nodebb)

    So apparently !!!!!!!! is complex enough for them. But make sure you don't accidentally press Caps Lock before entering it, because the site passwords are case sensitive.

  • TS (unregistered)

    If this is in the UK or EU, they are breaching the GDPR (articles 5 and 32). Please report them to the ICO. We desperately need a few high-profile, painful fines to stop this shit (not that that will happen).

  • Darren (unregistered)

    I notice they - and a surprisingly high number of other places - don't allow single or double quotes in their passwords. That smells to me like they're not escaping their quotes properly, had problems with SQL injection-style attacks (either real or flagged up as a vulnerability) and just decided to bodge it by not allowing them.

  • (nodebb)

    The only max length rules I have seen in a decade+ were from US banks we had to use for company CCs. Some would block pasting in forms, so "KqPSRQn0!" would have to replace "➸⟎⻐⽝⟹⇸⍶⭁⇿". And SQL injection protection was banning some chars. I still encounter sites that insist on UpperLowerNumberSpecial resulting in "┬∟⋀⩵⍿✫✠⢢⠸ⓧ⦬᭷꒟⾝﷽⚧≈≬꒢⭨⬠┛⣹꒽˻Ab1!"
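
Added example, not part of any comment above and not the site's own code: why quotes in a password never need banning. The password is hashed and bound as a query parameter, so it never becomes SQL text; the string-built variant shows the failure the commenters suspect. The table layout, function names, PBKDF2 settings and sample password are assumptions made for this sketch.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db

def hash_password(password, salt):
    # The KDF takes bytes: quotes and non-ASCII characters are ordinary input.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register_unsafe(db, name, password):
    # Anti-pattern: plaintext password spliced into the SQL string,
    # so a quote character ends the string literal early.
    db.execute(f"INSERT INTO users (name, pwhash) VALUES ('{name}', '{password}')")

def register(db, name, password):
    # Hardened form: only a salted hash is stored, and every value is bound
    # with a placeholder, so no password character can alter the statement.
    salt = os.urandom(16)
    db.execute("INSERT INTO users (name, salt, pwhash) VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))

def unsafe_breaks_on_quote():
    # Returns True when the string-built INSERT fails on a quoted password.
    db = make_db()
    try:
        register_unsafe(db, "alice", "it's \"quoted\"")  # constructed sample
    except sqlite3.Error:
        return True
    return False
```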

  • (nodebb)

    I know the first rule of TDWTF is to not talk about the comment or forum SW, but WTH do my newlines go?

  • (nodebb)

    I have seen password forms which seem to be flummoxed by password managers. My password manager will choose a password, fill it in (I can even see it by pressing the eye-con next to the field) but the form validation acts as if I typed nothing. So, when changing the password, I have to then cut/paste it from the password manager into the form. Perhaps that is what happened & IT support was clueless.

  • (nodebb) in reply to HXO

    Some would block pasting in forms

    I rage when I encounter this, since clearly it is more accurate for me to paste in the copied password. Someone please enlighten me with the Really Good Reasons for blocking password-pasting, since I cannot see them.

  • (nodebb)

    There's not a good reason. But the claimed reasons for blocking pasting are

    • It defeats evil bots
    • It ensures the user correctly typed the PW they intended to. Not made a typo then unknowingly duplicated it. Hence setting up the need to do a vastly expensive and difficult PW reset next time when the PW they wrote on their sticky note doesn't work.
