Then you can generate a password so big and complex, the site or app starts begging you to stop. At that moment, you can say "ur password system is weak."

[–] bdonvr@thelemmy.club 34 points 1 week ago (7 children)

Careful with that. Sometimes a site will allow you to use some stupid long password when you sign up, but then it turns out that some other version of the site or an app for it on other platforms won't accept a password that long!

[–] apprehensively_human@lemmy.ca 2 points 1 week ago (2 children)

Or alternatively, it allows you to enter a password as long as you like, but on their end it gets truncated.

[–] noodly_appendage@lemmy.myserv.one 1 points 1 week ago (1 children)

My e-mail provider does this. I wanted to change my password to some 64 character long generated string. It accepted, but I could not log in after that. After a few tries, I found the reason and, after another few tries, also the limit at which it gets truncated: 16 characters! God, how I hate them for this...

[–] apprehensively_human@lemmy.ca 2 points 1 week ago

Perhaps even worse than this is when the hash allows you to enter what you think is your full password, but as long as the first characters are a match then it will succeed.
16 characters is probably fine as far as passwords go, but if the site is secretly truncating from 16 down to, say, 7 and still allows you to sign in, you don't even realize that your password isn't nearly as secure as you thought it was.

load more comments (4 replies)

load more comments (5 replies)