Too many sites do passwords wrong.

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #402,087

by static

5/28/15 12:16:48 AM

Too many sites do passwords wrong.

A website that uses passwords should do nothing to a supplied password other than hash it, unaltered. What you're given is what you're given and no characters should be forbidden. If someone wants to include a space, a left-brace, an acute-a, a copyright symbol and the Chinese character for water, it should work.

Obviously you should have strength checks to help stop users being idiots, but even a length check should be very very generous. 256 characters is a hideously long password, but not so long as to be problematic to hash.

Wade.

Just Add Story http://justaddstory.wordpress.com/

so I was careless... - (rcareaga) - (29) - May 18, 2015, 10:35:50 AM EDT

does the mail app know about the new password? dumb question I know -NT - (boxley) - May 18, 2015, 10:48:55 AM EDT

Maybe had nothing to do with you - (drook) - May 18, 2015, 11:02:39 AM EDT

this is starting to look nasty - (rcareaga) - (3) - May 18, 2015, 12:07:07 PM EDT

resolved? - (rcareaga) - (2) - May 18, 2015, 12:32:20 PM EDT

Glad you got it worked out. Two factor? - (Another Scott) - May 18, 2015, 01:35:16 PM EDT

Do you know for sure that you were actually compromised? - (drook) - May 18, 2015, 01:51:49 PM EDT

a day later... - (rcareaga) - May 19, 2015, 10:24:47 PM EDT

sheesh! - (rcareaga) - (21) - May 26, 2015, 09:50:01 PM EDT

Likely scenario - (scoenye) - (10) - May 27, 2015, 08:06:48 AM EDT

concur - (rcareaga) - (9) - May 28, 2015, 12:32:12 PM EDT

Password storage. - (static) - May 28, 2015, 05:33:44 PM EDT

Here's where I got my rule - (drook) - (4) - May 28, 2015, 08:09:01 PM EDT

XKCD to the rescue - (static) - (3) - May 28, 2015, 10:15:41 PM EDT

:-) -NT - (Another Scott) - May 28, 2015, 10:41:01 PM EDT

That, too - (drook) - (1) - May 28, 2015, 10:51:36 PM EDT

Ford Credit will only take 8 -NT - (malraux) - May 28, 2015, 11:00:52 PM EDT

Re: concur - (mvitale) - (2) - May 29, 2015, 09:44:36 AM EDT

Entertaining story. - (Another Scott) - May 29, 2015, 09:07:07 PM EDT

I get annoyed at password restrictions. - (static) - May 30, 2015, 08:28:53 AM EDT

password management - (boxley) - (9) - May 27, 2015, 11:35:13 AM EDT

Chase doesn't allow special characters. - (mmoffitt) - (1) - May 27, 2015, 01:18:42 PM EDT

Too many sites do passwords wrong. - (static) - May 28, 2015, 12:16:48 AM EDT

Number substitution isn't recommended any more. - (Another Scott) - (6) - May 27, 2015, 02:09:06 PM EDT

I like writing down - (drook) - (3) - May 27, 2015, 02:29:25 PM EDT

so you go in person to pay all your bills? Nice to have that much free time -NT - (boxley) - (2) - May 27, 2015, 03:51:34 PM EDT

Not the point - (drook) - (1) - May 27, 2015, 04:27:34 PM EDT

Having my wallet messed with in middle school taught me that it's not good to depend on it... - (Another Scott) - May 27, 2015, 04:41:49 PM EDT

not necessarily - (rcareaga) - (1) - May 28, 2015, 01:26:40 PM EDT

Re your last line: yes, that -NT - (drook) - May 28, 2015, 03:11:19 PM EDT

iwethey.org

Loaded with more RAM than a goat festival!
56 ms