• Bytemeister@lemmy.world
    4 months ago

    Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?

    Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don’t think most sane people would do that… Open to ideas though.

    • Tlaloc_Temporal@lemmy.ca
      4 months ago

      I’ve come across several sites with abhorrently short password limits, as low as 12.

      Worse, 2 of them accepted the longer password, but only saved the first n characters, so you can’t log in even with the correct password, until you figure out the exact max length and truncate it manually.

      Even worse, one of those sites was a school authentication site, but it accepted the full password online and only truncated the password on the work computer login. That took me an entire period to suss out.

      • evasive_chimpanzee@lemmy.world
        4 months ago

        You just gave me a flashback to a system I encountered as a student where my password got truncated, so I couldn’t log in. I had to ask the teacher what to do, expecting her to have access to a reset or something, but she just told me what my password was. It was like 3 and a half words, clearly truncated and stored in plain text.
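
The truncation lockout described in the comments above, reproduced as an added example that is not part of any comment in the thread: a store that silently cuts the password on save but hashes the full input on login, next to one that rejects over-length input outright. The class names, the limit of 12 and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 12  # constructed limit, taken from the "as low as 12" comment


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; nothing is kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TruncatingStore:
    """The behaviour described in the thread: silent truncation on save only."""

    def __init__(self):
        self.users = {}

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        # Defect: the input is cut to MAX_LEN without telling the user.
        self.users[user] = (salt, _hash(password[:MAX_LEN], salt))

    def login(self, user: str, password: str) -> bool:
        salt, stored = self.users[user]
        # The login path hashes the full input, so the two paths disagree.
        return hmac.compare_digest(stored, _hash(password, salt))


class StrictStore(TruncatingStore):
    """Rejects over-length input with an error instead of altering it."""

    def set_password(self, user: str, password: str) -> None:
        if len(password) > MAX_LEN:
            raise ValueError(f"password longer than {MAX_LEN} characters")
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))
```

When two systems share one credential, as in the school login described above, both have to apply the same length rule or the same mismatch appears between them.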