We’ve all been there.
That password is already in use by user ‘gigachad’.
For those wanting to play this as a game, there is this wonderfully fiendish website.
https://neal.fun/password-game/
Rule 13 Your password must include the current phase of the moon as an emoji.
I too love the Password game! Please save Paul! ~I truly care about him!~ Truly!
(Sorry, I sometimes like to post really bad comments…)
Sorry, that password is already in use
BIG red flag. Abort. Abort.
Also I love when they only support certain special characters. So the pseudo random noise created by my password generator won’t work until I curate out the unsupported characters.
My absolute favourite is when your password is too long but they don’t tell you that, I guess because they weren’t expecting it. It only causes a hitch when you later try to log in and it doesn’t let you …
Password can’t exceed 32 characters
Garbage
You think that’s bad, a decade ago I had to use a government-run website that required passwords be exactly 8 characters
that password is already in use
lmao, “security” moment
Brute force user names instead of password. Big Brian moment
Large Brian Moment, for real
The worst part is that if they know that password is already in use… then they aren’t storing their passwords appropriately.
You could store the passwords as hashes and just compare the hashed value.
Looks like someone’s been playing the password game https://neal.fun/password-game/
That game made me want to punch.
“Sorry, that password is already in use” ruins it for me. That’s not a realistic message to receive.
Maybe “Your password cannot be one you’ve used previously”.
It follows the vein of some of the password rules and feedback reducing security itself. Like why disallow any characters or set a maximum password length in double digits? If you’re storing a hash of the password, the hash function can handle arbitrary length strings filled with arbitrary characters. They run on files, so even null characters need to work. If you do one hash on the client’s side and another one on the server, then all the extra computational power needed for a ridiculously long password will be done by the client’s computer.
And I bet at least one site has used the error message “that password is already in use by <account>” before someone else in the dev team said, “hang on, what?”.
Should be: “your password cannot be one of your last 24 passwords”
Especially for those places that want your password changed every two weeks.
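The storage scheme sketched in the comments above (one hash on the client, a salted hash on the server), as an added example that is not part of the thread. The function names, the PBKDF2 work factor and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def client_prehash(password: str) -> bytes:
    """Client side: reduce any password to 32 bytes, whatever its length or characters."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def server_store(prehash: bytes) -> tuple:
    """Server side: hash the received value again under a fresh per-user salt.
    The prehash is effectively the password now, so it is never stored as-is."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", prehash, salt, ITERATIONS)


def server_verify(prehash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the user's own salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", prehash, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def password_in_use(prehash: bytes, db: dict) -> bool:
    """What an 'already in use' check costs with salted hashes: one full key
    derivation per stored account, because no two records are comparable."""
    return any(server_verify(prehash, salt, stored) for salt, stored in db.values())


if __name__ == "__main__":
    # Constructed sample: several KiB of text containing a NUL byte and a moon emoji.
    long_pw = "correct horse \x00 \U0001F315 " * 256
    db = {"alice": server_store(client_prehash(long_pw)),
          "bob": server_store(client_prehash(long_pw))}
    print("same password, identical records:", db["alice"] == db["bob"])
    print("alice logs in:", server_verify(client_prehash(long_pw), *db["alice"]))
```

A site that can answer "already in use" instantly is not paying the per-account cost shown in `password_in_use`, which points to unsalted hashes or plaintext storage.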









