this post was submitted on 26 Sep 2024
548 points (99.3% liked)

Technology

59311 readers
5850 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

you are viewing a single comment's thread
view the rest of the comments
[–] dual_sport_dork@lemmy.world 25 points 1 month ago (6 children)

Characters are characters. The system I just wrote will accept anything, because the first thing I do with it is hash it. If you want to make your password:

░▒▓█ ʥ۞ݔݯݲݸݴݺ '; drop table users; 🤣💩ʩ █▓▒░

Then go for it. More power to you for typing that out or, more likely, letting your password manager remember it. Make your password as entropic as you can manage, I don't care how you arrive there.

[–] sugar_in_your_tea@sh.itjust.works 16 points 1 month ago (4 children)

Yup. All I care is that your password isn't the entire works of Shakespeare or something like that. A couple hundred characters/bytes? You do you.

What really bothers me is when a website says something like: must have a special character, except these ones (proceeds to list everything except @ and !). And then the next one has the same rule, but different exceptions.

Passwords should be treated as a black box, just read it as bytes and throw it into the hash algorithm. You want to somehow enter a nyan cat? Be my guest, no guarantee the input box will accept it though.

[–] Smokeless7048@lemmy.world 12 points 1 month ago (3 children)

also: "password is too long, max password length is 12 digits"

Why... like, sure, cap it at 256 or something reasonable. but ive run into as low as 9 digits.

[–] Sneezydinosaur@lemmy.world 7 points 1 month ago (1 children)

I had a simulator for school truncate after like 13 characters. And nowhere on their page did it specify a character limit. Would still accept an input of like 64 characters though. Got locked out of that account many times.

[–] Hazor@lemmy.world 7 points 1 month ago

I've run into similar: on the account creation page there was no character limit on the input box nor stated in the password requirements, but on the login page the password input box was limited to 14 characters. So you could successfully create an account with a long password, you just couldn't log in because it wouldn't let you enter the whole password.

load more comments (1 replies)
load more comments (1 replies)
load more comments (2 replies)