some people deserve Extra-Hell

@beyondmachines1 "We require full ASCII password with at least 16 characters"

Blocks pasting of passwords. Dafuck? You know who actually does this shit? VMware. I wanted to create an account and they didn't allow me to paste a god damn super complex password into their stupid form. ?!

@rejzor There are so many orgs doing the same.
@beyondmachines1 While I appreciate they require 16 characters, it's asshole design to not allow pasting.

@beyondmachines1 And limiting password lengths and complexity (limited list of allowed special chars) as well.

Some even
- suddenly started to not recognize complex passwords that have been valid in the past
- still allow such complex when defining a password BUT not in the actual authentication form… leaving you with an "invalid" password 🤡
- limit your ability to reset your password (only once every x hours) AND not providing a list of special characters they consider "valid". 😠

@rejzor

@devnull @beyondmachines1 Oh, the ones that made me go ape shit is limiting the upper character limit. Like, what is the technical reasoning for limiting passwords to max 20 characters? For a lot of important services I use WAY more characters. I've always put such stupid companies on blast on my blog.
@rejzor For such a low character limit, I would assume they are not hashing their passwords. bcrypt character limit is 72 bytes (and people can just pre-hash to work around this limit), 20 characters is too low.

@rejzor That's Brother for you. Limit is 16 chars. Or rather… micro$hit does. Since brother uses M$ for authentication for their Europe/France e-shop (at least they like last year when I needed to order a black ink toner for my LED printer).

Because they limit passwords to 16 characters/depend on M$ servers, I stopped the account creation process in the middle and ordered the toner elsewhere 🖕

It takes a special kind of stupid to depend on 3rd party servers for authentication…

@beyondmachines1

@devnull Limited list of special chars makes me think they are worried about SQL injection or XSS... which would never happen if they hash their passwords in the first place. Unless they are not doing that.
@qgustavor Exactly, and not hashing passwords is unacceptable!
Don't Fuck With Paste – Get this Extension for 🦊 Firefox (en-US)

Download Don't Fuck With Paste for Firefox. This add-on stops websites from blocking copy and paste for password fields and other input fields.
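
The thread's points about bcrypt's 72-byte input limit, pre-hashing, and special characters, as an added example that is not part of the original thread: a password store where length and character set stop mattering once the input is hashed. Python's standard-library scrypt stands in for bcrypt here, and the function names, NFKC normalization, and sample passwords are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, os, unicodedata

BCRYPT_LIMIT = 72  # bytes; the bcrypt input limit mentioned in the thread
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

def prehash(password: str) -> bytes:
    """SHA-256 then base64: any input becomes 44 ASCII bytes, under the limit.
    base64 avoids raw NUL bytes, which some bcrypt bindings treat as end of input."""
    raw = unicodedata.normalize("NFKC", password).encode("utf-8")  # assumed policy
    return base64.b64encode(hashlib.sha256(raw).digest())

def store(password: str) -> bytes:
    """Return salt || key: always 48 bytes, whatever the user typed."""
    salt = os.urandom(16)
    return salt + hashlib.scrypt(prehash(password), salt=salt, **SCRYPT)

def verify(password: str, record: bytes) -> bool:
    salt, key = record[:16], record[16:]
    candidate = hashlib.scrypt(prehash(password), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, key)  # constant-time comparison

def same_after_truncation(a: str, b: str) -> bool:
    """True if a KDF that silently cuts input at 72 bytes would see identical input."""
    return a.encode("utf-8")[:BCRYPT_LIMIT] == b.encode("utf-8")[:BCRYPT_LIMIT]

# Constructed sample passwords (not real credentials).
LONG_A = "x" * 80 + "A"   # differs from LONG_B only after byte 72
LONG_B = "x" * 80 + "B"
TRICKY = "' OR 1=1; -- <script>ñ✓" + "p" * 100  # metacharacters, non-ASCII, long

if __name__ == "__main__":
    print("collide when truncated:", same_after_truncation(LONG_A, LONG_B))
    print("collide when pre-hashed:", prehash(LONG_A) == prehash(LONG_B))
    record = store(TRICKY)
    print("record length:", len(record), "verify:", verify(TRICKY, record))
```

The stored record is opaque bytes of fixed size, so the password text never reaches a query or a page; the database layer should still use parameterized queries for everything else.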