Enter your new password and make sure it's strong

NO!!!!! Not that strong

90% of websites

Me: I know better than you, website
you should listen to ME

Website: I am literally the government no YOU listen to me

Me: :<

Website: BAD girl

Me: :'<

@cwebber Gov should be a democracy, no YOU listen to us.
@cwebber full of letters?
Wait there was a strong coffee joke in there before somewhere
@Crazypedia @cwebber new product idea - “new alphabetti spaghetti, now with added numbers and symbols”
@Synchro @cwebber Good for use in passwords and AI generated code

@cwebber

... Look like Bob Todd.

</remarkably niche 80s 'joke'>

@cwebber they get suspicious if you put in more than the minimum effort
@cwebber no no no you can't use a good password, you can only use an ok password that's hard to remember and also install our "two factor" App or give us your phone number, which is very definitely not a data mining scheme
@cwebber woah, more than 20 characters?? are you insane?? chill out dude
@ari @cwebber correct horse battery staple
@jorgaborg @cwebber over 20 characters also we don't support spaces sorry!
@ari @cwebber had some benign website ask for a very silly set of rules. Asked for 'a special character'. I got an 'invalid password' when I used two special characters.
@hareldan @cwebber "no not those special characters. we don't do input validation on requests and you're going to make our database very upset. no we don't do password hashing what would we need that for"
@ari @cwebber heh. Reminded me of using the SOROC terminals to the district mainframe back in high school. A few of the computer students were in the marching band drum line. They didn't care if you watched them type their password, as they'd actually speed drum it and use the full 32 characters we were allowed.

@ari @cwebber

More than 20 characters, in this economy?

@pseudonym @cwebber database storage isn't cheap, you know
@cwebber strike my password down, and I shall make one stronger than you can possibly imagine

@kaliranya @cwebber

Chuck Norris never logs in with a password. His passwords are always too strong.

Chuck Norris never writes programs. His variables are always too strongly typed for the language.

@cwebber hello password seller. I am going into battle and I want your strongest passwords.

@mpk @cwebber

Save yourself some trouble, and buy a standard list. Alternatively, I'm told the password "Xkcd" has been proven secure, and you can add a special character if needed.

To keep your information secure, use just one secure password and never share it with a login screen.

@cwebber '; DROP TABLE users; --
@cwebber "Your password must contain AT LEAST one letter, one number, and one special character"
"Oops your password can only be ten characters long"

@faoluin @cwebber

Bah, the real fun is when you make the "special character" something like 🚂.
Sometimes it works, sometimes it doesn't, sometimes you learn that they don't always UTF-8 encode things.

@faoluin @cwebber Your password must prevent AT MOST one bored teenager cracking attempt.
@cwebber please make it strong and make sure you use non-alphanumeric characters, but if you use the wrong ones, it just silently breaks the login form later
@BestGirlGrace @cwebber
also known as "please don't use any commas 'cause that'll break our comma separated password file"

@cwebber and special characters

¤¡¦©¬⅛ ??

TOO SPECIAL

@cwebber use normal special characters you see? 

@cwebber the other most common issue like this that i run into is (and you likely have as well)

“Enter your full legal name”
“No special characters allowed”

@emenel @cwebber Isn't this an issue in the US, where people with non A-Z letters need to handle it specifically by "Americanizing" their name? I also heard it wasn't even consistent in how they handled it.

@mctwist i’m not in the US, and yes it is horribly inconsistent. In my experience the worst offenders are often airline web check-in systems.

@cwebber

@emenel @mctwist @cwebber I wonder how airlines in Asia function because in my experience, nothing outside ASCII exists for them.
@emenel @cwebber The ‘ in my name and I can feel you !

@Vive_Levant @emenel @cwebber There should be some sort of forum/association for people in the west with non-ascii characters in their names. I regularly break label printers for Fedex/DHL et al.

Also, I do remember breaking a US website (mid 00's) that required entering a middle name 🤷

@emenel @cwebber Especially when it says that the name entered must match your government ID.

I get that issue a lot since I currently have a hyphenated last name.

@cwebber You can make them short and secure by using a mix of ASCII and Unicode.
@cwebber I've had that experience recently. I ended up with a password of exactly 8 characters, with exactly 1 uppercase letter, exactly 1 number, exactly 1 special character chosen from the list I've been given. The website rejected anything else. I hope I never have to interact with them again
@cwebber just for fun (and to help you with a new password): https://neal.fun/password-game/

@cwebber haha, I've seen this too often. Particularly on banking and government sites.

"Eight-character limit and no special characters allowed?
IN THE 2020s? Are you fucking SHITTING me?"
@cwebber Ah yes, "maximum password length", my beloathed.

@cwebber

The website: Password too long!

Me: 😮‍💨

@yuki2501 @cwebber why care about the password length if it is hashed the next step anyway... Wait... It's not stored in cleartext, is it?
@kauzerei @cwebber some things are better left unlearned... 😱

@kauzerei @yuki2501 @cwebber Nope! My client hashes the passwords!

With MD5...

@sintrenton @kauzerei @cwebber I remember the times when hashing passwords with MD5 was the most secure thing you could do.
@yuki2501 @cwebber There are two reasons why this makes sense: They store passwords in plain text and fixed length; They use a hash algorithm which either uses up to a set of characters of the password or has a higher collision on longer passwords.

@mctwist @cwebber most of the time I've seen this happen is because companies store their passwords in plain text. And for some reason, executives say 8 characters should be enough or is the standard.

Don't ask me what their Infosec budget is.

@cwebber I like the secret requirements.

Enter a 35 character password, and then they reveal "No, between 6 and 8 characters."

@cwebber Hulk-PW is angry 🧟‍♂️
@cwebber your password may not contain a semicolon because it breaks our SQL queries
@cwebber bonus points for silently cutting off excess characters when setting it but not during login.

@cwebber

Well at least it's better than a website where i register and it removes some special chars of my password ...

But only when i change the password, not when i tried to login xD

it took me a while and some back and forth with the customer service to understand the issue xD

@cwebber *pastes the entirety of moby dick into the password field*

"weak password! use at least ONE number!"