(title added by mod for lemmy community)
(Originally published earlier today on thecanadian.social)
6 character when the current year is only 4 characters long. They really want me to think about it huh.
It could have cost them nothing to increase the laughable 6 chars minimum limit.
I suppose at least it doesn’t have a maximum chars limit. I’m always dumbfounded and pissed off at sites that have those
I found sites with max characters of 8.
OF EIGHT!
I’m pretty sure there’s some old mainframe that doesn’t support more than 8, maybe older AS400 or something like that. Could be the reason.
WHAT THE FUCK
US government sites are the worst about this. They’ll have some arbitrary set of rules like
- Must be exactly 6 characters
- Must use a letter, a special character, and an Egyptian hieroglyph
- Must not use the characters *(/2€÷
- Must use exactly one of the following characters _6]>
- Must start with a number and end with a vowel
Like, dude… These are sites that have ALL of your information, and they’re managed by complete idiots.
No one with a bowel should be trusted with your password.
Bah, autocorrect. It was supposed to say “vowel”.
It’s even worse when you have one that doesn’t tell you there is a max and just randomly truncates after a specific number of characters. I can’t remember which site did that to me recently. I had to reset my password like 4 times before I figured WTF was going on.
WHAT THE ACTUAL FUCKKKKKK
It feels like something more from a decade or two ago then now, but my pet peeve was when websites would merge or link and now your suddenly too long password only works for some of the portals or cause various issues. Iirc correctly the hashes would be equivalent regardless of length making the maximum limitation/truncation even more infuriating.
I have that with a newspaper subscription. Password needs to be 16 characters or less, but it allows you to set it, it just doesn’t work. Every time I need to change it I forget about that and have a new randomly generated 20+ character password, only to once again become frustrated with not being able to log in. I want to strangle the idiot that came up with this madness.
Android has one of those. It’s really annoying that my own device, which blocks me from accessing files the name of security, doesn’t allow me to have a stronger length password. And no, I can’t install a custom ROM or root my phone, as my manafacturer thought me having root access to the device I own is ‘insecure’. But apparently having a short password isn’t.
Microsoft didn’t allow setting a password longer than 16 characters until 2019, I think.
Seriously even pci requires 12 min and that’s still a joke
12 min is a joke!??!??
According to black hills infosec yes it is. They are calling for a 15 character bare minimum, with an emphasis on 20+. They routinely crack 12 character passwords fairly quickly.
Damn…
