Katrin Krieger ☀️Jul 21, 2023
yan
more password fields should just show you the regex it needs to match
Jul 20, 2023 at 7:00pmWeb
Show threadyanJul 20, 2023
this is my doctor's billing vendor's site so it was a bit of a shock
Show threadJer WarrenJul 20, 2023
@bcrypt wait, this is real?? lol
Show threadTrammell HudsonJul 20, 2023
@bcrypt what are the two secret requirements?
Show threadyanJul 20, 2023
@th i'm guessing [a-z] and [A-Z] lol
Show threadRechner FoxJul 20, 2023
@bcrypt @th not shown is the regex which parses the requirement regex and shows those bullet points haha
Show threadTimothy WolodzkoJul 20, 2023
@th @bcrypt The secret sauce.
Show threadTrav StoneJul 20, 2023
@th @bcrypt I like to imagine they're tokens for "you'll know it when you see it", and "if you have to ask, you'll never know"
Show threadSeán FenianJul 20, 2023
@bcrypt We need a better solution than passwords.
Show threadTom WestmacottJul 20, 2023
@bcrypt You have a data input problem. You decide to just display the regex. Now it's someone else's problem.
Show threadcrlfJul 20, 2023

@bcrypt
That's not a full description of the requirements. That should be:

At least one lowercase letter, appearing before an uppercase letter, appearing before a number, appearing before one special character (of the list "~!@#$%*&;:.?>+-=_"), which must not be in the last 8 characters of the password.

Show threadAndrew LidenJul 20, 2023

@bcrypt it's all fun and games until someone dumps the hash of your last password in there as a way to enforce that you can't reuse a password.

Yes, that'd be the wrong way to do that, but there's probably someone out there that doesn't know that, or just doesn't care.

Show threadisaacsJul 21, 2023
@bcrypt I wonder how many people use that suggested regexp as their password, since it is valid.
Show threadJens DibbernJul 21, 2023
@bcrypt Maybe you should require a valid regex as password.