this post was submitted on 24 Jun 2024
552 points (98.9% liked)
Funny: Home of the Haha
5478 readers
3 users here now
Welcome to /c/funny, a place for all your humorous and amusing content.
Looking for mods! Send an application to Stamets!
Our Rules:
-
Keep it civil. We're all people here. Be respectful to one another.
-
No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.
-
Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.
Other Communities:
-
/c/[email protected] - Star Trek chat, memes and shitposts
-
/c/[email protected] - General memes
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I like testing websites maximum length. I'll set bitwarden random generator to like 100 and see if it accepts the password. After that I start testing if it's actually using the whole password or arbitrarily cutting it off early without telling me
i have totally run into stuff that silently truncates the password i give it. It's always something like online banking that you would hope has robust enough security standards to hash that shit, too... The one in particular i'm thinking of silently truncated the password in the reset-password form, but not for the log-in form. Took me forever to figure out wtf was going on there.
I've had this before as well; Very annoying.
Banks are world class leaders in technical inertia. Almost certainly at some point when they're designing their system they've got a interface from the 1970s or maybe even the 1980s if it's a new bank, that has to work with everything else which has the limited input fields. And that just propagates to all the other systems in these weird ways
Oh yeah we're using a file system that integrates over LDAT but it only looks at the first eight characters cuz the rest are used for the domain etc etc etc
Banks are still doing SMS-based 2FA. And after doing some security training at work written by the FBI and seeing it suggest switching letters/numbers around to make a password “more secure” (like
th15
); I’ve completely lost confidence in banks’ security standards.“Password is too long” when it’s like, 16 characters 😒