this post was submitted on 24 Jun 2024
433 points (98.0% liked)
Asklemmy
43984 readers
727 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?
Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don't think most sane people would do that... Open to ideas though.
I've come across several sites with abhorrently short password limits, as low as 12.
Worse, 2 of them accepted the longer password, but only saves the first n characters, so you can't log in even with the correct password, untill you figure out the exact max length and truncate it manually.
Even worse, one of those sites was a school authentication site, but it accepted the full password online and only truncated the password on the work computer login. That took me an entire period to suss out.
You just gave me a flashback to a system I encountered as a student where my password got truncated, so I couldn't log in. I had to ask the teacher what to do, expecting her to have access to a reset or something, but she just told me what my password was. It was like 3 and a half words, clearly truncated and stored in plain text.
I personally just use a pw manager. If I used them system myself, the alphabet words would probably be strings of characters that arenβt real words and Iβd probably salt them too. But yeah I imagine you could run into size limits, which is a problem.
I just wanted to share a pw strategy that seemed interesting. I used a simple pattern to make the concept easier to understand.