Really good post on Quora on bad passwords - https://qr.ae/prgAmJ

#passwordrestrictions #computerhistory

Why do websites restrict the character set used in passwords so much? Doesn't that make passwords less secure?

Stan Hanks's answer: Well, as with many many things in security, this is a combination of Security Theater, and a colossal game of “telephone”, where someone with actual authority and credibility made a statement which was massively misinterpreted by well, IT people. Let’s set the stage for this...

#SquareEnix, your password and e-mail restrictions, use of security questions and other sign-up form requirements suck...

  • Password field can't be pasted into
  • Password field can't be filled by the browser's password generator (option doesn't show up)
  • Password phrases aren't possible as spaces seem to be disallowed
  • Additional restrictions such as limiting the amount of repeated characters only provide additional rules for brute force systems, thus reducing the total amount of possible choices. In addition they make it hard for password generators to create a valid password.
  • Putting limitations on the kinds of special characters allowed makes me doubt your user input sanitation...

In addition to this, they are asking for a 'security question', which is notoriously easy to find, guess or social engineer.
The first couple of answers I gave were also refused.

Plus-signs are also not allowed in the e-mail address field, thus making it impossible to use #PlusFiltering, while also going against the #EMailRFC, which states that plus signs are allowed in the local-part of the address.

#Password #Passwords #PasswordFail #Security #SecurityFail #Squeenix #SquareEnix #FFXIV #emailFail #PasswordRestrictions #SecurityQuestions
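
Added example, not part of the original post: a count of how much rules like the ones listed above (a reduced character set and a cap on repeated characters) shrink the password space, and how often a random generator's output would be refused. The allowed character set, the 16-character length and the limit of two identical characters in a row are assumptions for illustration, not Square Enix's actual rules.

```python
import math
import string


def count_max_run(alphabet_size: int, length: int, max_run: int) -> int:
    """Exact number of strings of `length` symbols in which no character
    appears more than `max_run` times in a row (dynamic programming)."""
    # g[n] = valid strings of length n, split on the length j of the final run.
    g = [1] + [0] * length
    for n in range(1, length + 1):
        for j in range(1, min(max_run, n) + 1):
            # The final run's character must differ from the one before it,
            # unless the run is the whole string.
            choices = alphabet_size if j == n else alphabet_size - 1
            g[n] += choices * g[n - j]
    return g[length]


def policy_cost(full_alphabet: str, allowed_alphabet: str,
                length: int, max_run: int) -> tuple[float, float]:
    """Return (bits of search space lost, share of uniformly random
    passwords over `full_alphabet` that the policy would reject)."""
    unrestricted = len(set(full_alphabet)) ** length
    accepted = count_max_run(len(set(allowed_alphabet)), length, max_run)
    bits_lost = math.log2(unrestricted) - math.log2(accepted)
    reject_rate = 1 - accepted / unrestricted
    return bits_lost, reject_rate


# Constructed sample policy (assumed values, see the note above).
FULL = string.ascii_letters + string.digits + string.punctuation + " "
ALLOWED = string.ascii_letters + string.digits + "-_!@#"  # hypothetical whitelist

if __name__ == "__main__":
    bits, rejected = policy_cost(FULL, ALLOWED, length=16, max_run=2)
    print(f"unrestricted alphabet: {len(FULL)} symbols, allowed: {len(ALLOWED)}")
    print(f"search space lost to the rules: {bits:.2f} bits")
    print(f"random 16-character passwords refused: {rejected:.2%}")
```

Almost all of the loss comes from the shortened character set. The repeat rule removes very little on top of that, yet it still refuses otherwise valid generator output.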