• Michael R (unregistered)

    Fr!5tm3n0w

  • (nodebb)

    So apparently !!!!!!!! is complex enough for them. But make sure you don't accidentally press Caps Lock before entering it, because the site passwords are case sensitive.

  • TS (unregistered)

    If this is in the UK or EU, they are breaching the GDPR (articles 5 and 32). Please report them to the ICO. We desperately need a few high-profile, painful fines to stop this shit (not that that will happen).

  • Darren (unregistered)

    I notice they - and a surprisingly high number of other places - don't allow single or double quotes in their passwords. That smells to me like they're not escaping their quotes properly, had problems with SQL injection-style attacks (either real or flagged up as a vulnerability) and just decided to bodge it by not allowing them.

  • (nodebb)

    The only max length rules I have seen in a decade+ were from US banks we had to use for company CCs. Some would block pasting in forms, so "KqPSRQn0!" would have to replace "➸⟎⻐⽝⟹⇸⍶⭁⇿". And SQL injection protection was banning some chars. I still encounter sites that insist on UpperLowerNumberSpecial resulting in "┬∟⋀⩵⍿✫✠⢢⠸ⓧ⦬᭷꒟⾝﷽⚧≈≬꒢⭨⬠┛⣹꒽˻Ab1!"

  • (nodebb)

    I know the first rule of TDWTF is to not talk about the comment or forum SW, but WTH do my newlines go?

  • (nodebb)

    I have seen password forms which seem to be flummoxed by password managers. My password manager will choose a password, fill it in (I can even see it by pressing the eye-con next to the field) but the form validation acts as if I typed nothing. So, when changing the password, I have to then cut/paste it from the password manager into the form. Perhaps that is what happened & IT support was clueless.

  • (nodebb) in reply to HXO

    Some would block pasting in forms

    I rage when I encounter this, since clearly it is more accurate for me to paste in the copied password. Someone please enlighten me with the Really Good Reasons for blocking password-pasting, since I cannot see them.

  • (nodebb)

    There's not a good reason. But the claimed reasons for blocking pasting are

    • It defeats evil bots
    • It ensures the user correctly typed the PW they intended to. Not made a typo then unknowingly duplicated it. Hence setting up the need to do a vastly expensive and difficult PW reset next time when the PW they wrote on their sticky note doesn't work.
  • (nodebb) in reply to WTFGuy

    I can maybe think of one reason for blocking pasting: A user got the password from an HTML-formatted page, e.g. email (yes it is rare, but I sometimes see onetime- or reset-codes); very often there will be an extra space trailing the PW when copying.

    The solution is to .Trim the PW field, not block pasting.

  • rihoe (unregistered)

    So I can't have a password like "Louvre"

  • Conradus (unregistered) in reply to sibtrag

    I've run into that. I've discovered that manually deleting the last character and manually typing it back in will make it take the password.

  • (nodebb) in reply to Conradus

    Interesting, I'll have to give that a try next time. I wonder if these forms would let me type an extra character and then delete it....

  • (nodebb)

    One day, humanity will rise above the murky tide of its own ignorance. In that dawn, we shall see the construction of a trebuchet (the superior siege weapon) so large that it can hurl even the greatest of mountains into the Sun. We shall use this pinnacle of a weapon to jettison every computer that hosts code that checks for password length.

  • (nodebb) in reply to thaines.astro

    every computer that hosts code that checks for password length

    Don't you mean "checks for maximum password length"? Personally, I want them to check for a (reasonable) minimum length.
