Nothing enrages me more than a password character limit. Thank you for making sure my password is LESS secure with your idiotic requirements based on security recommendations that are at least a decade old.
How about… an undisclosed character limit? We’ll just keep telling you your password is invalid until you figure out the max length.
Let the users enter as many characters as they want and silently crop the password to a few characters.
Fun fact, this is a feature of Lemmy:
- Lemmy has an undisclosed password limit of 60 characters.
- Lemmy’s signup form will silently truncate passwords longer than 60 characters to 60 characters.
- Lemmy’s login form will crash when passwords longer than 60 characters are submitted.
Someone please submit a PR
Try this simple and fun game to practice your password creation skills :^) https://neal.fun/password-game/
My bank requires your password to contain NO vowels. I always forget when I update the password (forced to every 3 months) and the error never mentions it.
I’m struggling to think why this would be a thing. The only guess I have is someone was told to enforce “no dictionary words in a password” and saw that as an ‘easier’ way to implement?
On one hand it reduces the total # of characters needed to brute force which is bad. On the other hand, like you said, it makes it so dictionary attacks are weaker - which is good.
Although I think you could just get a regular dictionary, remove the vowels, and it would probably work just fine
So ultimately? I think stupid decision
I just use the KeePassXC password generator. :)