Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
My rant here is that I dislike it when my username is for some arbitrary reason considered invalid by some services.
-
rozzzly16718y@Daneo huh?
"your username may only contain letters, numbers, and hyphens"
by "the regex matches the description" do you mean its invalid because it contains letters and hyphens, but not numbers?
While one might argue that the message might allow for some ambiguity, I think it's clear to everybody that's not what the author intended. -
rozzzly16718y@Frederikam I like to show a password validation message like:
* A password may only consist of (mixed case) letters, numbers, and the following symbols: &%^$#@!*-_=+[]()
* A pass must be at least 6 characters long.
* A pass must contain at least one number, one lowercase letter, one uppercase letter, and one of the following symbols symbols: &%^$#@!*-_=+[]()
* A pass may not be one of the 1000 most common passwords. (link to article about passwords strength in dictionary vs bruteforce attacks) -
@rozzzly I'm glad it doesn't mention the following:
* A pass must not be longer than 16 characters long.
I'm looking at you Microsoft -
rozzzly16718yI rarely see the last requirement in the wild, but it is so damn important and easy as all hell to implement.
I'd estimate 90% of hashes cracked by rainbow tables would have been safe if the top 5k+ passwords were prohibited ....and I totally have...lots of data..to back that up -
rozzzly16718y@Frederikam try "passwords may only be letters and numbers and are exactly 6 characters long"
You wouldn't believe how shitty & insecure web services are for nearly ever large chain corp. (ie: retailers like walmart, target, bestbuy / restaurants like taco bell, noodles & co, chipotle, olive garden)
Most of it is for internal HR stuff so min wage worker can setup their direct deposit, etc. but when at best a quarter of that isn't even over https... well that leave it open for really anything. -
@rozzzly Never encountered such a fixed length requirement. That's really stupid.
What's also stupid is when they send you your password in an email. A big red flag that they don't hash their passwords. -
@fatlard1993 the popup is probably right, but my rant is about underscores not being valid characters.
-
Daneo1308y@fatlard1993 thanks for mentioning that, I should've said that specifically when I said the regex was 'right' 😂
-
dfox428278yThere's actually a very simple/logic reason we have that rule. While I'm not sure if specs have changed in more recent years, years ago underscores were not valid in subdomains. I think they might be valid now, but I'm not positive.
Why does this matter for us? Because of profiles. Right now your profile url puts your username on the actual path, ex. https://www.devrant.io/users/dfox
In the future, we might have a use for instead having subdomains for user profiles or something. I think limiting the characters allowed in general makes the URLs cleaner especially if we ever switch to subdomains.
When an app rejects your username for containing an underscore. It's "Fre_d" btw.
undefined