Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×

Comment Re: My issue with password restrictions (Score 1) 159

by Tyrannosaur (#49349121) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

I hate the length limit too. I commented about how sometimes there is a length limit, but it happebs automatically, making your 80 character password 20 characters, and impossible to log in...

But it shouldn't even be a database issue. Unless I am mistaken, the length of hashes isn't (or at least doesn't have to be) dependent on the length of the input, so the database should store the same amount of information for "password" as for the entirety of beowulf...

Granted, that would take a lot longer for the hasher, but there are generally already things in place to prevent robots trying to bring down the system by attempting login many times a second, no?

Comment Re:There is also a problem with password length li (Score 1) 159

by Tyrannosaur (#49348431) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Sorry I guess I didn't describe the bug properly: often websites accept a long password to create the password, but apparently drop the rest of the string after a certain amount of characters which makes a password of fewer characters than the user wanted.

This wouldn't cause a problem (aside from being a security hole) except when I go to type in my long password to log in, the software takes the entire string and does not drop off the characters after the limit used in creating the password, effectively making it so I cannot log on with the password I tried to sign up with.

I use the clipboard only for testing to see if this bug is there; eliminating the potential that perhaps I just typed my password in incorrectly.

For example, I sign up for a user on website with username "username" and password "This is a very long and secure password". The site, in order to prevent the string being too long, only accepts 20 characters, making my password "This is a very long ". Ok. When I go to log in, however, there is no character dropping, and so it compares my password "This is a very long and secure password" to "This is a very long ", which obviously do not match, and I cannot log in, even though I am typing the same string every time.

This is the bug I was trying to describe and is very frustrating.

Comment There is also a problem with password length limit (Score 5, Insightful) 159

by Tyrannosaur (#49347419) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

There are also often (not told to the user!) length limits on passwords

I like making my passwords a sentence. Whether it is more secure or not, it is easier for me to remember and I like to pretend I believe it is super secure.

However, I have had several places where I make a user, make a password (which it thinks is super strong because it is like 50 characters), copy-paste it somewhere, and it says I have a user. I then try to login using the copy-pasted password, and it tells me I have a bad password. going through the password-reset process, it invariably works if I reset it to a much shorter password.

This is a bug that really annoys me, especially with xkcd encouraging people who might not know about this popular bug to make long passwords.

Slashdot Top Deals

"You know, we've won awards for this crap." -- David Letterman

Close