this post was submitted on 18 Aug 2024
847 points (98.8% liked)
Cybersecurity - Memes
1975 readers
1 users here now
Only the hottest memes in Cybersecurity
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I just reset my password with Southwest Airlines today. They had both the stupid 16 character limit and the stupid list of permitted special characters. But they also had the perplexing criterion that the first character of the password specifically couldn't be one of those permitted special characters.
Literally why.
Poor input sanitization probably.
I'm not saying it was a soft rule where the form refused to validate my input. It was an actual, fully-described rule in the bulleted list among the other rules. For whatever reason they specifically went out of their way to enforce it. And I cannot fathom why they would.
I understood what you meant, it doesn't change my answer though
The back-end environment could have at least a few ways to screw things up if, for example, they were passing the password thru a shell script to hash it and had poor sanitization of the input
!, #, and $ can be particular troublemakers at the start of a string, there's probably more I'm not aware of too.
when CEOs make security policy.