• @[email protected]
    link
    fedilink
    175 months ago

    i have totally run into stuff that silently truncates the password i give it. It’s always something like online banking that you would hope has robust enough security standards to hash that shit, too… The one in particular i’m thinking of silently truncated the password in the reset-password form, but not for the log-in form. Took me forever to figure out wtf was going on there.

    • @root
      link
      65 months ago

      I’ve had this before as well; Very annoying.

    • @[email protected]
      link
      fedilink
      English
      25 months ago

      Banks are world class leaders in technical inertia. Almost certainly at some point when they’re designing their system they’ve got a interface from the 1970s or maybe even the 1980s if it’s a new bank, that has to work with everything else which has the limited input fields. And that just propagates to all the other systems in these weird ways

      Oh yeah we’re using a file system that integrates over LDAT but it only looks at the first eight characters cuz the rest are used for the domain etc etc etc

    • Prison Mike
      link
      fedilink
      1
      edit-2
      5 months ago

      Banks are still doing SMS-based 2FA. And after doing some security training at work written by the FBI and seeing it suggest switching letters/numbers around to make a password “more secure” (like th15); I’ve completely lost confidence in banks’ security standards.