this post was submitted on 04 Apr 2024
1019 points (98.8% liked)

linuxmemes

[–] [email protected] 30 points 7 months ago (2 children)

My bank keeps their app up to date with all the latest anti-root stuff but allows passwords made of 5 digits. ¯\_(ツ)_/¯

[–] [email protected] 7 points 7 months ago (2 children)

Unless they've changed it very recently, PayPal still limits your password to 20 characters.

[–] [email protected] 10 points 7 months ago (1 children)

Unless they’ve changed it very recently, Wells Fargo’s passwords are case insensitive

[–] [email protected] 6 points 7 months ago (1 children)

Air Canada's online account system required a 6-character password, which was secretly converted via T9 to 6 numbers on the back end, meaning "aaaaaa" and "bbbbbb" were effectively the same password, and this was only fixed in 2018.

[–] [email protected] 2 points 7 months ago (1 children)

That sounds like someone who topped out with high-school-level programming tried to implement a hash algorithm.

[–] [email protected] 4 points 7 months ago

My personal theory is that it's a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it
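The T9 folding described in the comments above, as an added example that is not part of the thread and not any real system's code: it shows how mapping letters to keypad digits before comparison makes distinct passwords equivalent and shrinks the keyspace. The standard phone keypad layout, digits passing through unchanged, and the function names `t9_fold`, `preimages` and `keyspace_bits` are assumptions.

```python
import math

# Standard phone keypad letter groups (assumed; the real back-end mapping
# is not given in the thread).
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}
DIGITS = "0123456789"


def t9_fold(password: str) -> str:
    """Fold a password to keypad digits. Case is ignored, digits pass through."""
    out = []
    for ch in password.lower():
        if ch in DIGITS:
            out.append(ch)
        elif ch in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[ch])
        else:
            raise ValueError(f"no keypad mapping for {ch!r}")
    return "".join(out)


def preimages(folded: str) -> int:
    """How many case-insensitive letter/digit passwords fold to this string."""
    # Each digit is produced by itself plus the letters printed on its key.
    return math.prod(1 + len(KEYPAD.get(d, "")) for d in folded)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("aaaaaa", "bbbbbb", "Secret"):  # constructed sample inputs
        print(pw, "->", t9_fold(pw))
    # What the user thinks they chose from: 26 letters + 10 digits, 6 chars.
    print("apparent bits:  %.1f" % keyspace_bits(36, 6))
    # What the back end actually compares: 10 digits, 6 positions.
    print("effective bits: %.1f" % keyspace_bits(10, 6))
    print("passwords equivalent to 'aaaaaa':", preimages(t9_fold("aaaaaa")))
```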

[–] [email protected] 5 points 7 months ago (1 children)

Any service that limits maximum length of the password means they are not hashing them. Which is a scary proposition, especially for such a huge service.

[–] [email protected] 3 points 7 months ago (1 children)

That's normally my assumption too but surely PayPal has proper security, right? Right??

[–] [email protected] 2 points 7 months ago

It's possible that limit is either gone or a vestige from a bygone age and they are hashing passwords properly now. Either way they do seem like they take security seriously.

[–] [email protected] 4 points 7 months ago

Ah, that's the "your problem" approach to security.