this post was submitted on 18 Aug 2024
847 points (98.8% liked)

Cybersecurity - Memes

1975 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[–] subignition@fedia.io 3 points 3 months ago (1 children)

Poor input sanitization probably.

[–] pixelscript@lemm.ee 1 points 3 months ago (1 children)

I'm not saying it was a soft rule where the form refused to validate my input. It was an actual, fully-described rule in the bulleted list among the other rules. For whatever reason they specifically went out of their way to enforce it. And I cannot fathom why they would.

[–] subignition@fedia.io 1 points 3 months ago

I understood what you meant, it doesn't change my answer though

The back-end environment could have at least a few ways to screw things up if, for example, they were passing the password thru a shell script to hash it and had poor sanitization of the input

!, #, and $ can be particular troublemakers at the start of a string, there's probably more I'm not aware of too.