Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • lseif
    link
    fedilink
    arrow-up
    34
    arrow-down
    1
    ·
    3 months ago

    worst i’ve seen is 8 characters. precisely 8 characters, no more no less… it was for a bank …

    • Dwemthy (he/him)@lemdro.id
      link
      fedilink
      English
      arrow-up
      16
      ·
      3 months ago

      A major US bank that I used to use has case insensitive passwords, found that out one day when I noticed caps lock was on after logging in with no trouble

      • viking@infosec.pub
        link
        fedilink
        arrow-up
        12
        ·
        3 months ago

        Makes you wonder if they store the password in plain text, or convert to lower key during your first input so it’s at least hashed. I wouldn’t be surprised if it’s not.

        • lseif
          link
          fedilink
          arrow-up
          10
          ·
          3 months ago

          they store the passwords as filenames on a windows system

            • lseif
              link
              fedilink
              arrow-up
              2
              ·
              3 months ago

              set your password as GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} for infinite money glitch

        • JustAnotherRando@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          3 months ago

          I don’t think it could be hashed if it is case insensitive. It’s fairly early so I may be misremembering but I’m not aware of any hashing algo that ignores case.

          Edit: Ah, actually they could be storing the password as a hash, but they would probably have to do like a password. ToLower() call or something where they morphed the string before checking… The thought of which just makes me shudder.

      • lseif
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        i think this was about a year ago when they changed it…

    • Donkter@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      3 months ago

      The fact that it was a power of 2 makes me suspect lazy coding. That bank didn’t pay its programmers well enough.

      • lseif
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        maybe they store the entire password as a u64 and bitmask out each character