Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-The Community !actuallyinfuriating has been born so that's where you should post the big stuff.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)
Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.
At least they tell you. I signed up with websites that just cut the password after the 12th character. No way of signing in with the password again (not without trying a couple of times, at least)
when you varchar(24) and forget about the hash
One of the accounts that I have to use at my job is like this but much much worse. It only accepts letters and numbers, no capitalization, no symbols and can only be 8 digits long maximum. It's like they want to account to be easy to compromise.
That sounds like the limitations of an ancient mainframe system. If so, then someone trying to brute force their way in would be more likely to crash the system instead.
i once used 20 for a bank. the website havent told me it was too long just clipped off 2 and accepted the rest. not even the banking support was able to help me. took me a few days to solve this by accident.
This shit always pisses me off. I've encountered it in like 2-3 places over the years since I started using a password manager, and every time it's so frustrating and hard to figure out.
I like it that the site says the max length....this is not common. I wish it was.
The problem is a password hash is a fixed length regardless of the password, so if this is implemented correctly there is no need for a maximum password length. These things raise my security flag because it makes me think they are storing the password in plain text instead of doing proper practice and storing the hash only.
If I have to create a password Ill need to remember and don't have access to my password manager for whatever reason I have a long phrase that's my go to but I have a system about adding numbers and characters to it based on the context of the log in. Sites with character limits really fuck that up.
At least they tell you. I’ve had inputs take the full password and then truncate it silently, so you don’t actually know what they saved. Then, you try to login and they tell you wrong password.
I once encountered a system that truncated your submitted password if you logged in through their app, but not through their website. So you would set your password through the website, verify that the login was working (through the website) and then have that same login fail through the app.
I don't have it in me
My worst experience so far was a webpage that trimmed passwords to 20 characters in length without telling you. Good luck logging in afterwards...
One of my favorite memories of how much Something Awful's sysadmins were absolutely amateur hour back in the early 2000s was the "lappy" to "laptop" debacle. Apparently Lowtax found the term "lappy" so annoying that he ordered his system administrator to do a find/replace for every instance of "lappy," replacing them with "laptop."
Unfortunately this included usernames and passwords, as well as anything that just managed to have the letters "lappy" in that order anywhere in the word. So, there was one user named 'Clappy' who woke up one day to find his name changed to 'Claptop.' Apparently this is also how people discovered that they were storing password unsalted in plain text in a fucking MySQL database, which if you're old enough, you probably already remember that the combination of MySQL and PHPmyAdmin were like Swiss cheese when it comes to site defense. :p
Flaptop Bird
That must have done a lot of dawizard to their reputation.
The password should be hashed anyway, which has a fixed output
But there must be a (long) max length anyway, to prevent some kinds of attacks.
I once registered an account with a random ~25 characters long password (Keepass PM) for buying tickets on https://uhuu.com.br/
The website allowed me to create the account just fine, but once I verified my e-mail, I couldn't log into it due to there being a character limit ONLY IN THE LOGIN PASSWORD FIELD. Atrocious.
EDIT: btw, the character limit was 12
We have a customer, a big international corporation, that has very specific rules for their intranet passwords:
I can only assume that whoever came up with these rules is either an especially demented BofH, or they have some really really weird legacy infrastructure to deal with.
I am a designer, but I once did a project with a very very major and recognizable tech corporation that, no joke, implemented an 8 character limit on passwords for storage reasons.
This company made in the tune of tens of billions of dollars per year, and they were penny-pinching on literal bytes of data.
I can't say who it is, but their name begins with 'M' and ends in 'cAfee.'
If password length affects storage size then something has gone very wrong. They should be hashed, not encrypted or in plaintext.
You've got to stop all those who put: abcdefghijklmnopqrstuvwxyz
That's my password for most things, any hackers die of RSI before they get in.
It'll be caught by a dictionary attack. at least do something to break up their sequential order.
This shit pisses me off so bad. I had an identity theft a few years back, took ages to undo, and my credit score is still impacted by it. At the time I moved to a password manager and all my passwords are 31 characters of garbage. I’ve got several, highly sensitive accounts that my passwords don’t work for, in fact one a bank, until fairly recently, had repurposed a phone number field in the DB so passwords were limited to 10 characters numeric only (I managed to get one of their IT folks on the horn to explain why the password was so awful).
I cannot believe we live in 2025 and we still haven’t figured out passwords.
My bank forces a 6 digit PIN as a password.
Their 2fa is also email or text only.
At least we can set a unique username?
For a system I worked on a few years ago I got the password requirement:
Only upper case letters A-Z, no letter or symbols.
Exactly 7 characters.
I was also recommended to make it a single word to make it memorable.
My favorite is when they don't have this check, but silently slice the string to meet the requirement, so that you can't login with the original password the next time.
Wells Fargo used to do this. They cut my 16 character password to 8 and negated capitalization. Which is why I don't use them anymore
Okay so I agree with you that a longer password is better but this in no way indicates clear text password storage.
Is the maximum 24 characters because their database column is a VARCHAR(24)? That's one of the first questions that I thought of. Sure, it doesn't guarantee plaintext, but it's a indicator that it may be stored plaintext, considering hashing doesn't care about length. Or at the very least whoever has had eyes on this code doesn't know shit about security, which makes me less confident in the product as a whole.
The only reason I can think of to have a maximum would be to save on bandwidth and CPU cycles, and even then 24 characters is ridiculously stingy when the difference would be negligible.
bcrypt hashes only the first 72 bytes. 24 characters is the max amount of 4 byte UTF8 characters when using bcrypt. Which is stupid because UTF8 is variable, but still, it's a possible explanation.
What’s more frustrating is when the password creation page is silently cutting off too long passwords and don’t inform you about it.
This seems to be very common still
How about creating a new account, letting bitwarden create a password, only for them to send me a clear text copy of that passwod in their confirmation email....
Some people even suggest typing a longer password over a simpler one with more special characters. It's harder to brute force.
My mum told be the other day she logged onto a new bank, gave it a 12 character password then couldn't get back in after. When she got through to their customer services they said that it was an 8 character password limit (!), but it just never said on the register screen.
Your password MUST contain big and small letters, and contain at least 1 number character and 1 spacial character, it MUST be 8 characters long, and it MUST be typed on a German Cherry keyboard between 8-9 PM, using ONLY 1 finger while blindfolded and listening to ABBA music. BUT NO SPACES ALLOWED!!!
This is because of something called entropy we never even read about so we have zero understanding of it. Of course combined with lousy programming, so safety is all on you.
Making all these possibilities OPTIONAL would actually make for safer passwords (higher entropy), as would using multiple words separated by spaces. The only meaningful way to accept a password would be to test it against common bad passwords, and test the entropy to determine acceptable levels. There is no good reason a password couldn't be 10 words and at least 127 characters. There is no way that should stress a properly designed modern system.
Don’t worry, pretty soon they will just block password managers from autofilling fields on their login page so that you HAVE to remember your password! Then you’ll be happy it can’t be that long, you can only fit so much on a post-it note on the side of your monitor
/s
EDIT: I think there should be a law against blocking password managers for filling in fields. Any brute force bots are going to submit HTTP requests directly anyway; no one is hitting the DOM to do that
