Not a true greentext but I hope I have captured the spirit of it. (First time I wrote smth like this, don’t be harsh on me. >w<)

  • TootSweet@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    7 months ago

    Websites need desperately to display their password creation rules on login pages. If I knew this particular site had (for some dumbass reason) a maximum password length less than the length of the password I’d otherwise use on that site or (also completely unreasonably) restricts special characters, I can more easily figure out what password I used when I signed up with fewer wrong guesses, all without sacrificing any security. (It’s not like the rules aren’t public info that anyone can get. Just don’t make me go halfway through the signup process to get that information if I’m just trying to log in.)

    • Vlyn@lemmy.zip
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      7 months ago

      Use a password manager, no need to remember shit then (besides your master password). For example if you want a local solution KeePass and sync the file (I use Dropbox, it’s encrypted anyway). You can also access it on Android with the sync.

      • KISSmyOSFeddit@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        6
        ·
        7 months ago

        It would also let hackers know what combinations not to try.

        I have a better proposal: If your login page has any restriction on passwords (other than being part of Unicode and a max length of 128 characters) then your site should be shut down.

        • Martineski@lemmy.dbzer0.comOP
          link
          fedilink
          English
          arrow-up
          14
          ·
          7 months ago

          It would also let hackers know what combinations not to try.

          You mean the exact thing they could learn by clicking on “sign up”?