30

My mobile provider doesn't allow me to set a password that contains any other symbol than letters and numbers for the website where you can look at how much data you consumed (and can order new data, change plans, etc.). Are you kidding me. This is making shit insecure, you fucks!

Comments
  • 0
    @hube Totally secure and totally preventing anyone that wants to destroy someone's life to destroy someone's life...
  • 2
    You can always add more entropy by adding more characters in the allowed alphabet. Unless they also restrict the length to some low limit.
  • 1
    @slar Passwort must be between 6 and 20 characters, has to contain at least one lowercase letter, one uppercase and a number, must not contain any special characters.
  • 3
    My ISP has a similar website with login as an incrementing for every new user number and the same default password for everyone. I could see other people's name, credit card number and lots of other things, as well as deactivate their accounts. (I did not)
  • 3
  • 7
    My university website looks only at the first 6 characters of the password. So "password" is the same as "passwo", "passwobshdhd", etc.
  • 2
    @filthyranter, that's plenty, assuming that they have sane handling on the back end (which might be too much to ask), 20 random letters and numbers is not feasible to brute force.
  • 1
    @siksniraps wtf why would they do that
  • 0
    @mrtnrdl The worst thing is, it wouldn't even hurt them if longer passwords were used ;-;
  • 1
    Makes you wonder if they even heard about hashing
  • 1
    @filthyranter gotta save those bytes
  • 2
    @mrtnrdl that's how my (former) bank Handel's online banking. except it's only numbers. And exactly 5 of them.
  • 2
    @AlmightyBaka it you're hashing the password, the hashed length of all the passwords is the same.
  • 0
    @papierbouwer the question is, do they? 😉😐
  • 0
Add Comment