this post was submitted on 17 Jul 2023
169 points (88.9% liked)

Programmer Humor

19503 readers
334 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
top 30 comments
sorted by: hot top controversial new old
[–] roofuskit@kbin.social 17 points 1 year ago (2 children)

Nothing enrages me more than a password character limit. Thank you for making sure my password is LESS secure with your idiotic requirements based on security recommendations that are at least a decade old.

[–] Ambiorickx@lemmy.world 5 points 1 year ago (3 children)

How about… an undisclosed character limit? We’ll just keep telling you your password is invalid until you figure out the max length.

[–] ericjmorey@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

Fun fact, this is a feature of Lemmy:

  • Lemmy has an undisclosed password limit of 60 characters.
  • Lemmy's signup form will silently truncate passwords longer than 60 characters to 60 characters.
  • Lemmy's login form will crash when passwords longer than 60 characters are submitted.

Someone please submit a PR

[–] roofuskit@kbin.social 1 points 1 year ago

Just move to kbin.

[–] lisploli@programming.dev 3 points 1 year ago (1 children)

Let the users enter as many characters as they want and silently crop the password to a few characters.

[–] roofuskit@kbin.social 2 points 1 year ago

I would give up before I figured that out and find some other service to use.

[–] darcy@sh.itjust.works 1 points 1 year ago

banks using EXACTLY 8 character passwords 💀 (srsly)

[–] Ikkou@lemmy.dbzer0.com 16 points 1 year ago (1 children)

Try this simple and fun game to practice your password creation skills :^) https://neal.fun/password-game/

Convince me this isn’t just training someone’s pet algorithm the same way we’ve all been trained to accept training the CAPTCHAs.

WAKE UP COMPILERS (It is a fun game though)

[–] KaeruCT@programming.dev 11 points 1 year ago (1 children)

My bank requires your password to contain NO vowels. I always forget when I update the password (forced to every 3 months) and the error never mentions it.

[–] zarp86@sh.itjust.works 7 points 1 year ago (2 children)

I'm struggling to think why this would be a thing. The only guess I have is someone was told to enforce "no dictionary words in a password" and saw that as an 'easier' way to implement?

[–] tikitaki@kbin.social 5 points 1 year ago* (last edited 1 year ago)

One one hand it reduces the total # of characters needed to brute force which is bad. On the other hand, like you said, it makes it so dictionary attacks are weaker - which is good

Although I think you could just get a regular dictionary, remove the vowels, and it would probably work just fine

So ultimately? I think stupid decision

[–] aloso@programming.dev 10 points 1 year ago
[–] selawdivad@lemm.ee 7 points 1 year ago (1 children)

I just use the KeePassXC password generator. :)

[–] Acetamide@lemmy.world 4 points 1 year ago

Way too often I've had websites complain that the input password is too complex, and I have to dial down the settings.

[–] apotheotic@beehaw.org 7 points 1 year ago (1 children)

Creating a password is as easy as clicking generate in my password manager - y'all should use one too

[–] malloc@programming.dev 1 points 1 year ago (1 children)

This is the only way. Except some services don’t even accept those randomly generated ones. Only a slight inconvenience to add whatever special character they want or to trim the length.

Inconvenience? More like incompetence… they should let me use æøéüôñ🍕&/ in my passphrase

[–] paddirn@lemmy.world 7 points 1 year ago

I get so irrationally mad about passwords now, and then it’s like every 3 months, no matter what password phrase I come up with, with whatever non-sensual special characters and spaces added in, it’s compromised in some hack, so no matter how good your password is, they’ll just get it from the source anyways.

[–] ParadoxSeahorse@lemmy.world 5 points 1 year ago (1 children)

And not in the user’s last X passwords! And doesn’t contain their name, address etc! And changes every X days!

Literally writing code to do this rn, even tho I pushed back with modern theories… IT security “experts” set policy using just enough knowledge to be dangerous

One of the banned words hardcoded previously was “monkey”, needless to say I am proud to carry on this tradition

[–] roi@lemmy.blahaj.zone 1 points 1 year ago
[–] malloc@programming.dev 4 points 1 year ago

Reminds me of “The Password Game” 😂

[–] PriorProject@lemmy.world 3 points 1 year ago (1 children)

Sorry, that password is already in use.

Who's using it? I'll just use that account.

[–] Shaikan@programming.dev 3 points 1 year ago

Just reset your username using your password

load more comments
view more: next ›