#passwordfail — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passwordfail, aggregated by home.social.
-
Registration for the IT security congress of the @bsi #passwordfail
But in their defense: this is on the website of the streaming service provider they use. Maybe someone would still like to follow up on that, though......
-
WTF Microschrott!
I receive a password-protected document, open it in Word, copy 20 characters from the password manager, all good. This document was created on Windows.
Now I'm sitting at a Mac, still have the password in the clipboard and want to protect a new document with it (yes, yes, password reuse, I know). Error message:
"The password is too long."
-
I fucking hate it, every time I register somewhere 😑
Started with 128 characters with all the weird stuff in it.
In the end the upper limit was at 50 characters.
I actually don't like that there are upper limits at all.
But if there are, TELL ME WHAT IT IS, for crying out loud 🤬
-
WTF QNAP!
For ages I've been using a 64-character password for my encryption. Now the web interface tells me to please type only 32 of those characters into the password field.... ?!?!?
I then shortened my existing password to 32 characters and voilà - data volume gets unlocked.
What the actual fuck?
-
Thanks, 1&1... 🙄
-
They changed their password requirements. So the password that I had *already set up* and *used* was no longer valid. I had to reset it.
😠
-
What could possibly go wrong?
-
Oh how nice that nobody knows that I dump passwords into my Passwort.txt :thisIsFine: #passwordfail
-
@hexaheximal 72 is a number I haven't seen... 32, 20, 40, 60, 50 have all been there - with 20 being PayPal, see https://social.tchncs.de/@jesterchen/112712925969922353
I've had a huge collection of these sites at Twitter while I changed my 800+ passwords after LastPass.......
For more password fails search for #passwordfail or have a look at @dumbpasswordrules
-
#passwordfail at #paypal: 8-20 chars
-
Another #PasswordFail with some nice layers from Arrow Electronics. Right off the bat, we've got a max password length (boo!) and an "acceptable special characters" list (boo!!!), but the thing that spurred me to actually contact support was that the special character list wasn't taken into account in the individual validation bullets, so my password passed all the "checks" but still "didn't meet the requirements" 🙄
Bonus absurdity: take a close look at that acceptable "special" character list. What the heck is going on there?? We've got:
- 0 and l (that's zero and lower-case L, which are...not special characters??)
- TWO zeroes and TWO periods
- Several spaces (do they count?)
- Absence of the most basic number-key special symbols, including !, &, and ()
But wait! There's more! In testing, it actually accepted a password with ! in it (but not spaces), so I dug in and present you the _actual_ list, which is totally different from the acceptable list:
a = /[~!@#$%^&*()\-_=+[\]{}|;:,.<>\/?]/g.test(this.$password) ? 'valid' : 'invalid'
A small mercy: there are no characters listed that aren't actually accepted.
But please, STOP CREATING ARBITRARY ACCEPTABLE SYMBOL LISTS!! There is zero technical reason for it, you should be hashing your passwords as soon as you get them anyway! Stop it!!! #PasswordFailHallOfFame
-
Why, #Sophos, just why?
(Again: this is a serious question. Why is the length limited on the upper end?)
(Ok, and why only at 8 chars at the lower end?)
-
No, #Decathlon. Just no.
Or give me a valid technical reason for it.
-
@tinker One of the last major incidents that I worked on happened because, when a user in the org called helpdesk for a password reset, the helpdesk set the password to season+year (Spring2023, Summer2023, etc) and did not tick "User must change password on next logon". The attackers (we attributed it to an Iranian group) were able to get to >100 users who had never changed their password after a reset.
#PasswordFail #IncidentResponse #NationalCyberSecurityAwarenessMonth
-
One of my tools just greeted me with:
"Your password has expired or no longer complies with the security policies. Please enter a new password!"
How the **** do they know my password might no longer comply with security policies? Do they store meta information about my password or - which is even worse - the plaintext password?
Or do you have any other idea how a test like this might be accomplished?
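Added example, not part of the original post and not the code of the tool it mentions: two ways a service can raise that message while storing only a salted hash, either from a stored policy-version number or by re-checking the submitted plaintext at the moment of a successful login. The policy rules, version numbers and the `enroll`/`login` names are hypothetical.

```python
import hashlib
import hmac
import os

CURRENT_POLICY = 2      # hypothetical: version of the policy now in force
ITERATIONS = 600_000    # PBKDF2-HMAC-SHA256 work factor


def complies(password: str, policy: int) -> bool:
    """Hypothetical rules: policy 1 = at least 8 chars, policy 2 = at least 12."""
    return len(password) >= (8 if policy == 1 else 12)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str, policy: int) -> dict:
    """Store salt, hash and the policy version the password was accepted under."""
    if not complies(password, policy):
        raise ValueError("password does not meet policy")
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "policy": policy}


def login(record: dict, password: str) -> str:
    """Return 'denied', 'ok' or 'must_change'. No plaintext is ever stored."""
    if not hmac.compare_digest(_derive(password, record["salt"]), record["hash"]):
        return "denied"
    # Mechanism 1: metadata only. The record says which policy version the
    # password was vetted against; nothing about its content is kept.
    if record["policy"] == CURRENT_POLICY:
        return "ok"
    # Mechanism 2: the user has just submitted the plaintext, so it can be
    # re-checked against today's rules in memory and then discarded.
    if complies(password, CURRENT_POLICY):
        record["policy"] = CURRENT_POLICY   # remember it passed the new rules
        return "ok"
    return "must_change"


if __name__ == "__main__":
    old = enroll("password1", policy=1)      # constructed sample: 9 characters
    print(login(old, "password1"))           # must_change under policy 2
```

A message shown before any password has been typed can only come from the first mechanism (or an expiry timestamp), since the second one needs the plaintext the user submits.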
-
#SquareEnix, your password and e-mail restrictions, use of security questions and other sign-up form requirements suck...
- Password field can't be pasted into
- Password field can't be filled by the browser's password generator (option doesn't show up)
- Password phrases aren't possible as spaces seem to be disallowed
- Additional restrictions such as limiting the amount of repeated characters only provide additional rules for brute force systems, thus reducing the total amount of possible choices. In addition they make it hard for password generators to create a valid password.
- Putting limitations on the kinds of special characters allowed makes me doubt your user input sanitation...
In addition to this, they are asking for a 'security question', which are notoriously easy to find, guess or social engineer.
The first couple of answers I gave were also refused.
Plus-signs are also not allowed in the e-mail address field, thus making it impossible to use #PlusFiltering, while also going against the #EMailRFC, which states that plus signs are allowed in the local-part of the address.
#Password #Passwords #PasswordFail #Security #SecurityFail #Squeenix #SquareEnix #FFXIV #emailFail #PasswordRestrictions #SecurityQuestions
-
Oh, web.de..... why, oh why? Not even the punctuation is correct...