this post was submitted on 17 May 2025
511 points (95.7% liked)

Mildly Infuriating


In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

[–] [email protected] 92 points 1 week ago* (last edited 1 week ago) (4 children)

I once registered an account with a random ~25 characters long password (Keepass PM) for buying tickets on https://uhuu.com.br/

The website allowed me to create the account just fine, but once I verified my e-mail, I couldn't log into it due to there being a character limit ONLY IN THE LOGIN PASSWORD FIELD. Atrocious.

EDIT: btw, the character limit was 12

[–] [email protected] 25 points 1 week ago

PayPal did the same. Registration took 40 characters, login only half of that. Editing the login form didn't work unfortunately.

[–] [email protected] 7 points 1 week ago (7 children)

It's pretty stupid because the longer the password the more secure it is.

[–] [email protected] 55 points 1 week ago (8 children)

This shit pisses me off so bad. I had an identity theft a few years back, took ages to undo, and my credit score is still impacted by it. At the time I moved to a password manager and all my passwords are 31 characters of garbage. I’ve got several, highly sensitive accounts that my passwords don’t work for, in fact one a bank, until fairly recently, had repurposed a phone number field in the DB so passwords were limited to 10 characters numeric only (I managed to get one of their IT folks on the horn to explain why the password was so awful).

I cannot believe we live in 2025 and we still haven’t figured out passwords.

[–] DarkSirrush 26 points 1 week ago (4 children)

My bank forces a 6 digit PIN as a password.

Their 2fa is also email or text only.

At least we can set a unique username?

[–] [email protected] 6 points 1 week ago (5 children)

Yeah, I’m up to 40 hide my addresses for that same reason. Figure if the password sucks, at least the email can be unique and obscure.

[–] [email protected] 12 points 1 week ago

We have figured out passwords. Management hasn’t figured out allocating resources to security, and governments haven’t figured out fining the crap out of such companies.

[–] [email protected] 34 points 1 week ago (5 children)

How about creating a new account, letting bitwarden create a password, only for them to send me a clear text copy of that password in their confirmation email....

[–] [email protected] 11 points 1 week ago

I thought that practice died like 20 years ago

[–] [email protected] 27 points 1 week ago (2 children)

What’s more frustrating is when the password creation page is silently cutting off too long passwords and doesn’t inform you about it.

[–] [email protected] 25 points 1 week ago* (last edited 1 week ago) (1 children)

Don’t worry, pretty soon they will just block password managers from autofilling fields on their login page so that you HAVE to remember your password! Then you’ll be happy it can’t be that long, you can only fit so much on a post-it note on the side of your monitor

/s

EDIT: I think there should be a law against blocking password managers for filling in fields. Any brute force bots are going to submit HTTP requests directly anyway; no one is hitting the DOM to do that

[–] [email protected] 5 points 1 week ago (2 children)

> think there should be a law against blocking password managers for filling in fields.

I’ve never heard of anyone trying to do that. I couldn’t even imagine how a website could detect a password manager.

[–] [email protected] 21 points 1 week ago (4 children)

My mum told me the other day she logged onto a new bank, gave it a 12 character password then couldn't get back in after. When she got through to their customer services they said that it was an 8 character password limit (!), but it just never said on the register screen.

[–] [email protected] 14 points 1 week ago* (last edited 1 week ago)

Yeah, I'd be doing that bank if there's any choice.

Edit: Leaving (my attention got taken away as I posted)

[–] [email protected] 5 points 1 week ago

Maybe that's security by obscurity. Or security by confusion. /s

[–] [email protected] 21 points 1 week ago (4 children)

Okay so I agree with you that a longer password is better but this in no way indicates clear text password storage.

[–] [email protected] 23 points 1 week ago (6 children)

Is the maximum 24 characters because their database column is a VARCHAR(24)? That's one of the first questions that I thought of. Sure, it doesn't guarantee plaintext, but it's an indicator that it may be stored plaintext, considering hashing doesn't care about length. Or at the very least whoever has had eyes on this code doesn't know shit about security, which makes me less confident in the product as a whole.

The only reason I can think of to have a maximum would be to save on bandwidth and CPU cycles, and even then 24 characters is ridiculously stingy when the difference would be negligible.

[–] [email protected] 30 points 1 week ago (1 children)
[–] [email protected] 9 points 1 week ago

Oh look, a free account!

[–] [email protected] 16 points 1 week ago (2 children)

bcrypt hashes only the first 72 bytes. 24 characters is the max amount of 4 byte UTF8 characters when using bcrypt. Which is stupid because UTF8 is variable, but still, it's a possible explanation.

[–] [email protected] 7 points 1 week ago (29 children)

It does. If you hash the user passwords, which you should, the hash is always the same length and it's thus irrelevant how many characters the user's password consists of.

Now, it's not certain though, which wasn't claimed either, because the front end developer might have other reasons for setting limits. The backend shouldn't care though.

[–] [email protected] 3 points 1 week ago

Password hashes always have the same length.

Why is there a limit at 24? It may be an arbitrary limit set, or it may be because they don't store more.

[–] [email protected] 14 points 1 week ago* (last edited 6 days ago) (7 children)

Your password MUST contain big and small letters, and contain at least 1 number character and 1 special character, it MUST be 8 characters long, and it MUST be typed on a German Cherry keyboard between 8-9 PM, using ONLY 1 finger while blindfolded and listening to ABBA music. BUT NO SPACES ALLOWED!!!
This is because of something called entropy we never even read about so we have zero understanding of it. Of course combined with lousy programming, so safety is all on you.

Making all these possibilities OPTIONAL would actually make for safer passwords (higher entropy), as would using multiple words separated by spaces. The only meaningful way to accept a password would be to test it against common bad passwords, and test the entropy to determine acceptable levels. There is no good reason a password couldn't be 10 words and at least 127 characters. There is no way that should stress a properly designed modern system.

[–] [email protected] 6 points 1 week ago (2 children)

You forgot that you can only use a selection of special characters from a pre-approved list of 10.

[–] [email protected] 12 points 1 week ago

Had that yesterday.

"Must use special characters!"

"Okay, no problem. Here you go."

"Not that one! It's too special!"

"Dude, I haven't even touched extended ASCII yet."

[–] [email protected] 5 points 1 week ago

A pre-approved list of 10 which THEY DON'T EVEN TELL YOU WHAT THEY ARE

[–] [email protected] 5 points 1 week ago (1 children)

I love when there are so many rules that my first few randomly-generated passwords are rejected.

[–] [email protected] 13 points 1 week ago (1 children)
[–] [email protected] 10 points 1 week ago (1 children)

I've had a case in the past where I reduced my password to the limit, but after account creation, I was not able to log in.

Turns out they had an off-by-one issue, and a password with a length slightly below the limit worked fine.

[–] [email protected] 4 points 1 week ago

I once got locked out of an HP printer because it chopped off the last few characters of a password. Only figured it out because somebody had made a comment online about password length

[–] [email protected] 7 points 1 week ago (4 children)
[–] [email protected] 3 points 1 week ago* (last edited 1 week ago)

~~I don't understand rule 5. "Digits shall add up to 25" I have a 1 and a 24, and it doesn't accept it :(~~
figured it out, it adds digits, not numbers

[–] [email protected] 6 points 1 week ago

I got a login on an IBM system. I logged in and moved to the change password mask. Changed my password to something filling out the 12 character new password field. Logged out, and got the login mask again. With an eight character password field.

[–] [email protected] 6 points 1 week ago

Banks are the fucking worst for this. I assume it's because they're built on some 500 year old CICS mainframe.

[–] [email protected] 5 points 1 week ago (1 children)

Recently had a password that was acceptable for the account creation page on the website but too long for the login screen in the mobile app.

Took me a while to figure out that pasting into that field was just quietly dropping characters.

[–] [email protected] 3 points 1 week ago (2 children)

What is worse is when it does not quietly drop any characters and you have to keep resetting your password.

[–] [email protected] 5 points 1 week ago

The password on my PC is something like 30 characters long. Back when win10 was first coming out, they were pushing getting an actual outlook account and tying that to your login. I was hesitant at first, but figured I'd try it out and see how that worked for me.

Turns out outlook accounts (at the time) had something like a 16 character limit on passwords. Bruh.

[–] [email protected] 5 points 1 week ago

Then again, there's not much point to super long passwords. They'll be turned into hashes, commonly of 128, 196, or 256 bits length. When brute forcing, by a certain length, it's pretty much guaranteed there's a shorter combination computing to the same hash. And an attacker doesn't need your password, just some password that computes to the same hash. With 256 bit hashes a password with 1000 characters isn't more secure than one with 15 in any meaningful way.

[–] [email protected] 4 points 1 week ago

I had this problem with a fucking bank once. Even better are the sites that silently chop off characters after the internal limit, on the backend, but don't tell you or limit the characters on the frontend. I had a really fun time with that last scenario once, resetting my password over and over and having it never work until I decided to just try a shorter password.
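
The lockouts reported throughout this thread (a limit only on the login field, or silent truncation on one side) come down to registration and login hashing different strings. The sketch below is an added example, not code from any commenter or site: `Account`, `StrictAccount`, `lockout` and the limits are constructed names and values, and PBKDF2 stands in for whatever hash a real site uses.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Demo iteration count; the point here is which string gets hashed.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

class Account:
    """Constructed model: each form may silently cut input to its own limit."""
    def __init__(self, register_limit=None, login_limit=None):
        self.register_limit = register_limit  # None means no truncation
        self.login_limit = login_limit
        self.salt = os.urandom(16)
        self.stored = None

    def register(self, password: str) -> None:
        self.stored = hash_password(password[:self.register_limit], self.salt)

    def login(self, password: str) -> bool:
        candidate = hash_password(password[:self.login_limit], self.salt)
        return hmac.compare_digest(candidate, self.stored)

class StrictAccount(Account):
    """Hardened form: no truncation anywhere, over-length input is rejected loudly."""
    MAX_LEN = 128  # assumed policy value

    def register(self, password: str) -> None:
        if len(password) > self.MAX_LEN:
            raise ValueError(f"password longer than {self.MAX_LEN} characters")
        super().register(password)

def lockout(register_limit, login_limit, password: str) -> bool:
    """True when the password that was just registered no longer logs in."""
    acct = Account(register_limit, login_limit)
    acct.register(password)
    return not acct.login(password)

if __name__ == "__main__":
    pw = "abcdefghijklmnopqrstuvwxy"  # constructed 25-character password
    print("limit only at login (12):   ", lockout(None, 12, pw))
    print("silent cut at register (8): ", lockout(8, None, pw))
    print("same silent cut on both (8):", lockout(8, 8, pw))
```

The third case logs in fine, which is the quiet failure: only the first 8 characters are ever checked, so the account is protected by a much shorter password than the user believes.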

[–] [email protected] 3 points 1 week ago

Oh, this has been a big pet peeve of mine for a while. After starting to use password managers I figured I would standardize on the largest required characters only to find a source whose maximum characters were lower than another's minimum characters.