this post was submitted on 14 Jul 2023
1 points (100.0% liked)

Technology

66687 readers
4595 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
1
Passwords (lemmy.world)
submitted 2 years ago by 8tpercent@lemmy.world to c/technology@lemmy.world
8 comments fedilink hide all child comments
 

We've all been there.

top 8 comments
sorted by: hot top controversial new old
[–] Tyler_Zoro@ttrpg.network 1 points 2 years ago (3 children)

Fun fact: password controls like this have been obsolete since 2020. Standards that guide password management now focus on password length and external security features (like 2FA and robust password encryption for storage) rather than on individual characters in passwords.

[–] fubo@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

Since 2017 at least; and IIRC years before that; that's just the earliest NIST publication on the subject I could find with a trivial Web search.

https://pages.nist.gov/800-63-3/sp800-63b.html

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

"Memorized secrets" means classic passwords, i.e. a one-factor authentication through a shared secret presumed to be known to only the right person.

[–] Rufio@lemm.ee 1 points 2 years ago (1 children)

I wouldn’t say obsolete because that implies it’s not really used anymore. Most websites and apps still use validation not too dissimilar from the OP, even if it goes against the latest best practices.

[–] ArianaGrande@lemmy.world 1 points 2 years ago

Yeah, the most recent one for me was creating a password at lemmy.world

[–] CoderKat@lemm.ee 1 points 2 years ago

For today's 10,000 who have never seen it, https://xkcd.com/936/ succinctly explains why the whole mixed character types thing isn't favoured.

[–] Madbrad200@sh.itjust.works 1 points 5 days ago

My absolute favourite is when your password is too long but they don't tell you that, I guess because they weren't expecting it. It only causes a hitch when you later try to login and it doesn't let you ....

[–] eochaid@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

Sorry, that password is already in use

BIG red flag. Abort. Abort.

Also I love when they only support certain special characters. So the psuedo random noise created by my password generator won't work until I curate out the unsupported characters.

[–] Regna@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

I too love the Password game! Please save Paul! ~I truly care about him!~ ^Truly!^

(Sorry, I sometimes like to post really bad comments...)