Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
jo29911377yInstead of doing this, why dont just generate random password for the user to make things easier lol at the end of the day the passw would be hard to remember
-
anitavm19967y@nblackburn I'm assuming they save hashes of the passwords...
On the other hand every single security course teaches us the same thing... "Humans are your biggest security risk". While using a complex password like that might might a brute force attack less likely, it will increase the likelihood of the user writing their password down on a sticky note on their desk or even worse in a text file on their desktop. This is why multi-factor authentication should be higher priority than complex passwords. -
@treeroot I didn't think many people will get the rainbow table reference. Good to know people know this thing.
-
Yet another huge org with no concept of what users are or how they operate. When will they start to get that the more complex they make password requirements, the more insecure they make things because the more users will take insecure alternative steps to actually remember their password.
-
This can't be real, why would they limit it to exactly 8 characters. It's been a while since I looked into brute force attacks but I feel like GPUs should be getting close to that.
-
@Condor I know that but fear they don't as storing previous passwords carries a risk hashed or not.
I'm glad I don't even have to register an account @SAP...
undefined