Comment: Re: My issue with password restrictions (Score 1) 159

by Tyrannosaur (#49349121) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

I hate the length limit too. I commented about how sometimes there is a length limit, but it happens automatically, making your 80 character password 20 characters, and impossible to log in...

But it shouldn't even be a database issue. Unless I am mistaken, the length of hashes isn't (or at least doesn't have to be) dependent on the length of the input, so the database should store the same amount of information for "password" as for the entirety of Beowulf...

Granted, that would take a lot longer for the hasher, but there are generally already things in place to prevent robots trying to bring down the system by attempting login many times a second, no?

Comment: Re:There is also a problem with password length li (Score 1) 159

by Tyrannosaur (#49348431) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

Sorry I guess I didn't describe the bug properly: often websites accept a long password to create the password, but apparently drop the rest of the string after a certain amount of characters which makes a password of fewer characters than the user wanted.

This wouldn't cause a problem (aside from being a security hole) except when I go to type in my long password to log in, the software takes the entire string and does not drop off the characters after the limit used in creating the password, effectively making it so I cannot log on with the password I tried to sign up with.

I use the clipboard only for testing to see if this bug is there; eliminating the potential that perhaps I just typed my password in incorrectly.

For example, I sign up for a user on a website with username "username" and password "This is a very long and secure password". The site, in order to prevent the string being too long, only accepts 20 characters, making my password "This is a very long ". Ok. When I go to log in, however, there is no character dropping, and so it compares my password "This is a very long and secure password" to "This is a very long ", which obviously do not match, and I cannot log in, even though I am typing the same string every time.

This is the bug I was trying to describe and is very frustrating.
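The mismatch described in the comment above, reproduced as an added example (not part of the original comment and not any real site's code), next to a version that applies one rule on both paths. The class names, the 1024-character cap, and the choice of PBKDF2 with 100,000 iterations are assumptions made for the demonstration; the 20-character limit and the sample password come from the comment.

```python
import hashlib
import hmac
import os

MAX_STORED = 20        # silent limit from the comment's example
MAX_ACCEPTED = 1024    # assumed explicit cap, only to bound hashing cost
ITERATIONS = 100_000   # assumed PBKDF2 work factor for this demo


def hash_password(password: str, salt: bytes) -> bytes:
    # The digest is always 32 bytes, whatever the password length,
    # so storage size is no reason to truncate the input.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class BuggySite:
    """Truncates at sign-up but not at login, as described in the comment."""

    def __init__(self):
        self.users = {}

    def register(self, user, password):
        salt = os.urandom(16)
        # Silent truncation: the user is never told the tail was dropped.
        self.users[user] = (salt, hash_password(password[:MAX_STORED], salt))

    def login(self, user, password):
        salt, stored = self.users[user]
        # Full string hashed here, so it can never match the truncated one.
        return hmac.compare_digest(stored, hash_password(password, salt))


class FixedSite(BuggySite):
    """Same rule on both paths: hash the whole string, reject over-cap input loudly."""

    @staticmethod
    def _check(password):
        if len(password) > MAX_ACCEPTED:
            raise ValueError(f"password longer than {MAX_ACCEPTED} characters")
        return password

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(self._check(password), salt))

    def login(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, hash_password(self._check(password), salt))
```

On `BuggySite` the 20-character prefix logs in while the full sentence does not; on `FixedSite` the result is the other way round, and an over-cap password is refused with an error at sign-up instead of being shortened.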

Comment: There is also a problem with password length limit (Score 5, Insightful) 159

by Tyrannosaur (#49347419) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

There are also often (not told to the user!) length limits on passwords.

I like making my passwords a sentence. Whether it is more secure or not, it is easier for me to remember and I like to pretend I believe it is super secure.

However, I have had several places where I make a user, make a password (which it thinks is super strong because it is like 50 characters), copy-paste it somewhere, and it says I have a user. I then try to log in using the copy-pasted password, and it tells me I have a bad password. Going through the password-reset process, it invariably works if I reset it to a much shorter password.

This is a bug that really annoys me, especially with xkcd encouraging people who might not know about this popular bug to make long passwords.
