My main problem with passwords is the limits that sites put on what I can set for a password.
I could not tell you how many times I reset my password using my password manager, then immediately log out, and log in using the credentials I just saved into my password manager, and they don’t work, because the site is truncating the password to 15/20/whatever characters.
The number of times this limitation is not clearly stated, checked for, or even acknowledged by the site is too damn high.
I’ve made it a habit of testing a login after every password set/reset to ensure I don’t have trouble with it in the future.
My password manager generates 32 character passwords composed of random alphanumeric characters by default. I usually don’t modify it unless I hit a restriction, or its a site I’m particularly concerned about getting penetrated (in which case I increase the number of characters).
I don’t mind sharing that because bluntly: anyone reading this, good luck figuring it out. The permutations is something along the lines of (26*2+10+(special characters))^32… Which is 3.5239… * 10^60… Otherwise known as 3.5 novemdecillion.
My main problem with passwords is the limits that sites put on what I can set for a password.
I could not tell you how many times I reset my password using my password manager, then immediately log out, and log in using the credentials I just saved into my password manager, and they don’t work, because the site is truncating the password to 15/20/whatever characters.
The number of times this limitation is not clearly stated, checked for, or even acknowledged by the site is too damn high.
I’ve made it a habit of testing a login after every password set/reset to ensure I don’t have trouble with it in the future.
The amount of websites that limit passwords to 16 characters is alarming
Usually 15, 16, 20, or 25 in my experience.
15/16 I get, no idea why 20/25 is so common.
My password manager generates 32 character passwords composed of random alphanumeric characters by default. I usually don’t modify it unless I hit a restriction, or its a site I’m particularly concerned about getting penetrated (in which case I increase the number of characters).
I don’t mind sharing that because bluntly: anyone reading this, good luck figuring it out. The permutations is something along the lines of (26*2+10+(special characters))^32… Which is 3.5239… * 10^60… Otherwise known as 3.5 novemdecillion.
Ha.
Wish we just had like 256 char passwords so I could actually use passphrases instead of passwords.
It’d be way more secure for me compared to what I’m doing now.
I’d do like Star Trek haikus or some such which would be actually possible to remember.
A person of culture, I see.
For spice, I randomly change my password length. 15 to 50+. I don’t even fucking know.
I created an account on a hosted service we use at work the other day, my password had to be exactly 12 characters. No more no less.
Wow, that’s an extra level of special.
Stored plaintext in a CHAR(12) field in a DB2 database.
My fucking bank: 👀
ALL banks.
Or when the app has different limits than the webpage!
See also: Sites that don’t allow “+” in email addresses while logging in, but do accept them at registration (including confirmation emails)