57
submitted 1 day ago* (last edited 18 hours ago) by NullNet@lemmy.blahaj.zone to c/cybersecurity@infosec.pub

Small rant incoming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend I'd assume. It's bad enough I gotta make a million accounts when applying to jobs but then you got my PII sitting behind such terrible password requirements it makes me wonder where else they are cutting corners on security.

[-] graycube@lemmy.world 8 points 20 hours ago

If you allow unlimited length inputs of any kind, someone will break your system. 11 is way too short. But you do need some sort of maximum, even if it is very large.

[-] invertedspear@lemm.ee 14 points 14 hours ago

If you’re storing the password in the form the user entered it, you’re doing it wrong already.

[-] graycube@lemmy.world 3 points 9 hours ago

Even if you aren't storing it, if you allow unlimited length someone will break your stuff.
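The two points made in this thread (bound the input even if the bound is large, and store a hash rather than what the user typed), as an added example that is not code from any commenter. `MIN_CHARS`, `MAX_BYTES` and the scrypt parameters are assumed values chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for illustration; not taken from the thread.
MIN_CHARS = 8
MAX_BYTES = 1024          # generous cap, checked before any expensive work
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


class PasswordRejected(ValueError):
    pass


def check_length(password: str) -> bytes:
    """Enforce the bounds and return the UTF-8 bytes that will be hashed."""
    if len(password) < MIN_CHARS:
        raise PasswordRejected("too short")
    # Check the character count first so a huge string is never encoded.
    if len(password) > MAX_BYTES:
        raise PasswordRejected("too long")
    raw = password.encode("utf-8")
    if len(raw) > MAX_BYTES:  # multi-byte characters can exceed the cap
        raise PasswordRejected("too long")
    return raw


def hash_password(password: str) -> bytes:
    """Return salt || scrypt digest: 48 bytes whatever the input length."""
    raw = check_length(password)
    salt = os.urandom(16)
    return salt + hashlib.scrypt(raw, salt=salt, **SCRYPT)


def verify_password(password: str, stored: bytes) -> bool:
    """Reject out-of-bounds input before running the KDF, then compare."""
    try:
        raw = check_length(password)
    except PasswordRejected:
        return False
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.scrypt(raw, salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)
```

The stored value is the same size for a 12-character password and a 1024-byte passphrase, so storage gives no reason for an 11-character ceiling; the cap exists only to stop oversized input before it reaches the KDF.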

this post was submitted on 28 Nov 2024
57 points (96.7% liked)
