Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Merry Jerry 🎄🎅🕎⛄️❄️ (jerry@infosec.exchange)'s status on Friday, 05-May-2023 10:12:58 JST Merry Jerry 🎄🎅🕎⛄️❄️

How I imagine the discussion goes:
Bank IT person: we are thinking about letting customers pick a password of any length over 10 characters. Is that ok?
Bank regulator: hah! I saw a movie once where someone uploaded and played doom in a password field. Make it no more than 15 characters
IT: oh oh ok.
Regulator: and for heaven’s sake, don’t let them paste a password into the form. I heard that is also very insecure

In conversation Friday, 05-May-2023 10:12:58 JST from infosec.exchange permalink
- clacke likes this.
- Embed this notice
  clacke (clacke@libranet.de)'s status on Friday, 05-May-2023 10:20:20 JST clacke
  in reply to
  
  @jerry LinkedIn: "Limit the password to 16 characters. Don't tell anyone, just truncate their input when they register the password.
  Also don't truncate their password input when they try to log in, so it fails if they enter the same password as when they registered."
  
  In conversation Friday, 05-May-2023 10:20:20 JST permalink
- Embed this notice
  theruran 🌐🏴 (theruran@hackers.town)'s status on Friday, 05-May-2023 10:38:23 JST theruran 🌐🏴
  in reply to
  - clacke
  @clacke @jerry my personal favorite! :raccoon_trash:
  
  In conversation Friday, 05-May-2023 10:38:23 JST permalink
  
  clacke likes this.

Feeds