Lauren WeinsteinJan 3, 2023
One of the website UI modalities that I just *despise* are sites that block copy/paste (either via mouse clicks and sometimes also keyboard shortcuts) for filling important fields, out of some sort of misguided belief that this somehow enhances security. Actually it easily makes it worse in most cases. This is similar to sites that have crazy password rules (that they often can't even implement properly) that also tend to make security worse, not better. E.g., "Your password must contain between 10 and 22 characters, include no less than 3 characters between G and Q, at least two special characters, and a lowercase m and p. Thank you."
Show threadahistorical immaterialistJan 3, 2023
@lauren when sites have a *maximum* password length I can't do anything but assume that's because they're storing them in plaintext in a fixed-length database field rather than hashing them.
Show threadsʌǝu ᴧɐɹʞǝʃ 🤘🇪🇪🤘
@lauren @jimbob *some* limit on max length still makes sense. I mean - nobody wants a 2GB file dumped as a password and the hashed on serverside. I'm OK with max length limit between 64 and 1024 characters.
Jan 3, 2023 at 7:21amWeb