this post was submitted on 14 Jul 2023
1151 points (92.2% liked)

Technology

58303 readers
15 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

We've all been there.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 12 points 1 year ago (1 children)

All of those things can be verified before storing the password in any way, encrypted or not, and checking them would be a requisite before storing it.

While it's true that they don't have a significant impact on the hash generated, they make it significantly more difficult for anyone to guess your password. It's much easier to guess password321 than something like Or^9L%u&QQ12XxI@. And that has nothing to do with how the password is ultimately stored.

[โ€“] [email protected] 0 points 1 year ago

Of course, requiring at least one symbol or upper case letter etc is a good idea, along with a minimum length. Many websites won't let you use a password longer than a certain amount of characters. The only reason for that limitation is that they are storing the database field as plaintext, and anything longer will not fit into that column.