• @Bytemeister
    link
    Ελληνικά
    45 months ago

    Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?

    Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don’t think most sane people would do that… Open to ideas though.

    • Tlaloc_Temporal
      link
      fedilink
      35 months ago

      I’ve come across several sites with abhorrently short password limits, as low as 12.

      Worse, 2 of them accepted the longer password, but only saves the first n characters, so you can’t log in even with the correct password, untill you figure out the exact max length and truncate it manually.

      Even worse, one of those sites was a school authentication site, but it accepted the full password online and only truncated the password on the work computer login. That took me an entire period to suss out.

      • @evasive_chimpanzee
        link
        45 months ago

        You just gave me a flashback to a system I encountered as a student where my password got truncated, so I couldn’t log in. I had to ask the teacher what to do, expecting her to have access to a reset or something, but she just told me what my password was. It was like 3 and a half words, clearly truncated and stored in plain text.

    • @[email protected]
      link
      fedilink
      15 months ago

      I personally just use a pw manager. If I used them system myself, the alphabet words would probably be strings of characters that aren’t real words and I’d probably salt them too. But yeah I imagine you could run into size limits, which is a problem.

      I just wanted to share a pw strategy that seemed interesting. I used a simple pattern to make the concept easier to understand.