The amount of sites with maximum password size limitations is too damn high.

DragonByte Tech



Nobody Ever said:
Hello, website administrator? Your password rules allow me to set a password of four words, XKCD style, auto-generated by my password manager. I feel like this is too secure, not to mention too convenient. It's way too convenient to allow me to easily recognise a few words to type in, versus having to determine a randomly generated string with symbols and numbers.

Could you please limit the password length to 12-16 characters so I have to set a less secure password? That'd be grand, cheers.

Random May-fly Free-To-Play Game #26,456,791 doing this? Okay, yeah whatever, I haven't touched this game since the 16th century so it's fine.
Blizzard Entertainment doing this? Mmmm you'd think they would know better, considering the amount of "yeah that bot was TOTALLY NOT ME, I got hacked!" tickets they get...
Microsoft doing this? uh... I'm sensing a trend of the bigger a company gets, the less of a frak they give...
My $*"^%(* BANK doing this!? Sheesh... I'm going to switch to Monzo soon anyway but damn son...
ESET SECURITY THE PEOPLE WHO MAKE ANTIVIRUS AND WORK IN SECURITY FOR A LIVING WHAT THE HELL ARE YOU DOING OH MY GOD WHY I mean I don't use their products any more but what are you doing lads. Lads, just... just stop.

Also, an honourable mention goes to companies who decide that offering their own SMS-based service, or their own custom-built authenticator, or ONLY email-based 2FA, is a vastly superior solution to just using Google Authenticator.
Blizzard gets a free pass here because their authenticator is actually damn good; you only tap "Approve" from the notification, you don't even have to open the authenticator itself, in order to approve a login request.

A dishonourable mention goes to Namecheap (domain name manager), because they tried to make what Blizzard makes, but they failed spectacularly when they failed to make a mobile app that works. They tell you to tap on the [2FA Off] banner in the top right of the app window. They partially obscured this banner with their logo, and not a single pixel of the banner is actually tappable. If I had tried for even a second longer, my wall would have had a smartphone embedded in it.

Lastly, a special Two-Finger Salute goes to VisionExpress (optometrist), who won't let you change your email or delete your account because your password is always wrong. Even when I literally used it to login 5 seconds earlier. Even when I reset it, then logged in, then immediately pasted it into the form. Even when I manually type it out. Change your email? Password wrong. Delete your account? Password wrong. Get your life together? Password wrong.

This descent into madness has been brought to you by the realisation that I had approx. 300 sites that all used variations of 3 different passwords, and I thought going through them all and changing the passwords would be a fun way to spend my Sunday.

I just hope my future therapist doesn't have an online accounts system...


Fillip
 
It pisses me off when sites have password restrictions. It pisses me off even more when they have a maximum length.

What REALLY pisses me off is when they block special characters.

Liam
Try sites that have password rules, but don't tell you the rules until you've submitted the form. Which wipes out your "Existing password:" input. And then they tell you one rule at a time, so if you didn't include caps, didn't include a number, didn't include a symbol and included a hyphen (which is not on the list of allowed symbols), that's 5 times (including the successful save) you have to submit the password.

I wish I could take credit for the amount of sadism I just displayed with that paragraph, but oh no, that actually happened. I've already suppressed what site it was, as it's not one I visit frequently, but it exists.
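
An added example, not part of any post in this thread and not any named site's code: a server-side password check that avoids the complaints above by accepting long passphrases and any printable character, and by returning every problem in one response instead of one per submit. The limits, the blocklist and the name `check_password` are assumptions, loosely following NIST SP 800-63B (at least 8 characters required, at least 64 permitted, no composition rules).

```python
import unicodedata

# Assumed limits for this sketch (see lead-in).
MIN_LENGTH = 8
MAX_LENGTH = 256  # generous cap, present only to bound hashing cost

# Constructed sample blocklist; a real one would hold known-breached passwords.
BLOCKLIST = {"password", "12345678", "qwertyuiop"}


def check_password(candidate: str) -> list[str]:
    """Return every policy violation at once; an empty list means accepted."""
    # Normalise so the same passphrase typed on different devices compares equal.
    normalised = unicodedata.normalize("NFKC", candidate)
    problems = []

    length = len(normalised)  # counted in code points, not bytes
    if length < MIN_LENGTH:
        problems.append(f"Use at least {MIN_LENGTH} characters (you used {length}).")
    if length > MAX_LENGTH:
        problems.append(f"Use at most {MAX_LENGTH} characters (you used {length}).")

    # Only control characters are refused. Spaces, hyphens, symbols and
    # non-ASCII letters are all allowed, so no "allowed symbols" list exists.
    bad = sorted({repr(ch) for ch in normalised if unicodedata.category(ch) == "Cc"})
    if bad:
        problems.append("Remove control characters: " + ", ".join(bad))

    if normalised.casefold() in BLOCKLIST:
        problems.append("This password is on the list of commonly used passwords.")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["staple-horse battery correct", "abc\x00", "Password"]:
        print(repr(sample), "->", check_password(sample) or "accepted")
```
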


Fillip
 
Just got my current account invite. :D
Naisu. I have had my current account card for a few days, but haven't done anything with it since I've got a fair amount of money on my prepaid card and M to M payments aren't supported just yet.

As soon as that's enabled, I'm ditching the prepaid :)


Fillip
 
PayPal does something like this with sub-account access (vs full accounts). Annoying as hell.

When you create a sub-account, it applies some different password rules to normal accounts. But if you then do a password change when logged in as that user, it works.
 
The problem is I must have several passwords to cover it all.
And, even worse, they force me to change it per annum or whatever.
I know it is good. But having so many different rules is annoying.
 